The Compliance Desk

Who the compliance desk is

A standing internal review function led by senior practitioners who have audited destruction protocols at every operating site.

What "reviewed" means

Every claim on this site about a standard, a regulator, a method, or a certification is reviewed against the operating reality. We do not publish what we do not do.

What we deliberately do not claim

NAID AAA membership we have not bought. R2 / e-Stewards we orchestrate through partners. ISO certifications we have not been audited against. Awards, rankings or volumes we cannot verify.

Operating record

30 years of continuous operation. The Maxicom group was founded in India in 1996 and has operated continuously across multiple regions ever since through five major economic cycles, two GCC regulatory revisions, the 2008 global financial crisis, the 2020-2022 supply-shock period, and the 2023-2025 AI-hardware boom. Across that span the engagement model has stayed remarkably consistent: per-asset pickup, per-asset sanitisation, per-asset Certificate of Destruction, settlement in your reporting currency against PO. Operations across UAE, India, Singapore, Canada and Hong Kong; current headcount across the group is in the low hundreds.

Compliance posture and the standards we work to

Across all four operating regions, the standards stack is consistent: NIST SP 800-88 Rev. 1 (the framework auditors default to), IEEE 2883-2022 (the SSD/NVMe sanitisation standard), DoD 5220.22-M where contractually specified, NAID-grade Protocol for the operational-discipline layer, plus your local privacy law: DPDPA 2023 in India, PIPEDA + OSFI Guideline B-13 + Quebec Law 25 in Canada, PDPA Section 24 + MAS TRM in Singapore, UAE PDPL Article 21 (Federal Decree-Law 45/2021) + DIFC DPL 2020 + ADGM DP Regs 2021 + Central Bank of UAE Cybersecurity Standards in the UAE. Every engagement certificate is written to be admissible against all simultaneously — one document covers every framework an auditor is likely to ask about.

What we do not claim

NAID AAA Certification we have not paid for (we operate to NAID-grade Protocol — same operational discipline, no annual audit fee). R2v3 / e-Stewards we orchestrate through licensed-recycler partners rather than holding directly. ISO 27001 / ISO 14001 / ISO 45001 we have not been third-party audited against (partner certifications documented per engagement). Awards, rankings or volumes we cannot independently verify. The compliance desk reviews every page on this site against operating reality before publication; what we do not actually do, we do not claim.

How we settle and how we contract

Settlement is in your reporting currency (CAD) against your purchase order, line-item per asset, payment terms agreed in the SOW as Maxicom standard. Programme engagements run on multi-year master service agreements with milestone-based settlement and quarterly business reviews. Cross-border engagements (where the asset routes between Maxicom operating regions) are consolidated to your reporting-currency entity through internal Maxicom inter-company arrangements; the customer-facing transaction is single-currency. CAD settlement is the Maxicom standard for Canada engagements; the SOW is contracted through Maxicom Inc. for tax and regulatory clarity.