Quebec-headquartered insurer · Law 25 disposal programme
Quebec Law 25 work is the strictest privacy-disposal posture in North America. We deliver in French, write the manifest in French, and the audit pack reads in French to Quebec's Commission d'accès à l'information.
Engagement at a glance
Sector: Insurance. Sites: Montréal HQ + 4 Quebec branches. Devices: Insurer IT fleet with a large customer-PII drive estate. Duration: 3 months. Method: NIST 800-88 Purge with French-language manifest and certificate. Customer-PII drives physically destroyed (2mm shred) on-site with the insurer's privacy officer present. Quebec Law 25-aligned audit pack delivered alongside PIPEDA documentation.. Outcome: PII-safe disposal with Law 25-aligned, French-language audit documentation; CAD settlement. Representative engagement profile — figures illustrative.. Settled in CAD against PO. NDA standard throughout. All identifying details anonymised; specifics shareable on procurement reference call.
Sites covered
Montréal HQ + 4 Quebec branches
Devices retired
Insurer IT fleet with a large customer-PII drive estate
Engagement duration
3 months
Sanitisation method applied
NIST 800-88 Purge with French-language manifest and certificate. Customer-PII drives physically destroyed (2mm shred) on-site with the insurer's privacy officer present. Quebec Law 25-aligned audit pack delivered alongside PIPEDA documentation.
Outcome and value recovered
PII-safe disposal with Law 25-aligned, French-language audit documentation; CAD settlement. Representative engagement profile — figures illustrative.
Why this engagement matched the Maxicom playbook
A Insurance engagement of this scale typically benefits from Maxicom's programme model: single SOW spanning the Canada footprint, country-lead executing locally, programme manager based with the customer, quarterly business review consolidating Reuse-First metrics. Per-asset Certificate of Destruction admissible against OSFI B-13 and PIPEDA. Cross-border resale routing under NDA where local market depth was thin. Settlement consolidated to the customer's reporting-currency entity through internal Maxicom inter-company arrangements.
Standards stack applied
NIST SP 800-88 Rev. 1 Purge for working drives. IEEE 2883-2022 firmware Sanitize for SSD/NVMe. DoD 5220.22-M overwrite where the contract specified it. Physical destruction at 6mm/2mm/0.5mm where the data classification mandated it. Witness destruction at the request of the data owner for top-classified material. Per-asset certificate retention 8 years (BFSI default). Compliance attestation cross-referenced to the customer's sustainability framework (CSRD ESRS E5, ISSB IFRS S1/S2, BRSR Principle 6, GRI 301/305/306).
Reuse-First disposition KPIs reported back
Total tonnage processed. Reuse-First reuse rate (% refurbished + redeployed vs % destroyed by media class). Residual value recovered in CAD. Embodied-carbon-recovered estimate (CO₂e avoided versus a destruction-first counterfactual). Diversion-from-landfill percentage. Material-recovery breakdown (steel, aluminium, copper, plastics, rare earths). Downstream-chain documentation for every kilogram leaving Maxicom premises. Quarterly business review cadence for the duration of the engagement.
What this engagement demonstrates
Single-SOW programme execution at scale. Per-asset audit trail across thousands of devices. Reuse-First refurb economics delivering settlement value substantially above destruction-first OEM trade-in counterfactuals. Audit-clean documentation passed regulator inspection at first review. Cross-border resale routing under NDA preserved channel-respect for OEM-partner relationships. The customer remained anonymised in all public communication; the engagement is referenced here only in anonymised form per our standard NDA terms.
Authoritative references
Primary sources for the standards and frameworks referenced on this page. Maxicom maps every engagement to these recognised authorities.
Frequently asked questions
Can I get a reference for this engagement?
On NDA, yes. Procurement reference calls available for serious enquiries — privately arranged through your account team after mutual NDA on both sides.
Why is the case anonymised?
NDA is standard for our engagements. We never name a client without their explicit written consent — even when the outcome is positive. The anonymised form preserves the engagement-pattern detail you need for procurement evaluation while respecting the original client's confidentiality.
How is this engagement-type priced?
Per-asset pricing in CAD, line-item per device, against your purchase order. Programme-level engagements receive multi-year locked rates with milestone-based settlement; single-event engagements are quoted at the engagement scope. Cross-border engagements consolidate settlement to the customer's reporting-currency entity through Maxicom inter-company arrangements.
What documentation does the engagement produce?
Per-asset Certificate of Destruction with eleven required fields, signed digitally and ink-on-paper. Pickup manifest with three-signature chain. Settlement invoice line-item per asset. ESG metrics report. Compliance attestation cross-referenced to the applicable regulators. Quarterly business review summary for programme engagements.
Can a similar engagement be scoped for our organisation?
Yes — most Insurance engagements at this scale follow comparable patterns. Send your asset inventory to start scoping; we respond with a written CAD quote in per engagement SLA and a proposed engagement timeline within 5 business days.
Related practices, regulators & markets
SSD / HDD Drive Buyback
SSD/HDD buyback
→Finance & Banking IT Buyback
Banking IT buyback
→IT Buyback (All Asset Classes)
IT buyback
→Healthcare
Healthcare
→Certificates of Destruction
Certificates
→IT disposal in Montreal
Montreal
→Reverse Logistics
Reverse logistics
→Trade-In & Exchange Program
Trade-in & exchange
→Memory & RAM Buyback
Memory / RAM
→Send the asset list. We will send the number.
A photograph of the rack works. A spreadsheet works better. CAD settlement, against PO.