Quebec-headquartered insurer · Law 25 disposal programme
Quebec Law 25 work is the strictest privacy-disposal posture in North America. We deliver in French, write the manifest in French, and the audit pack reads in French to Quebec's Commission d'accès à l'information.
Engagement at a glance
Sector: Insurance. Sites: Montréal HQ + 4 Quebec branches. Devices: Insurer IT fleet with a large customer-PII drive estate. Duration: 3 months. Method: NIST 800-88 Purge with French-language manifest and certificate. Customer-PII drives physically destroyed (2mm shred) on-site with the insurer's privacy officer present. Quebec Law 25-aligned audit pack delivered alongside PIPEDA documentation.. Outcome: PII-safe disposal with Law 25-aligned, French-language audit documentation; CAD settlement. Representative engagement profile — figures illustrative.. Settled in CAD against PO. NDA standard throughout. All identifying details anonymised; specifics shareable on procurement reference call.
Sites covered
Montréal HQ + 4 Quebec branches
Devices retired
Insurer IT fleet with a large customer-PII drive estate
Engagement duration
3 months
Sanitisation method applied
NIST 800-88 Purge with French-language manifest and certificate. Customer-PII drives physically destroyed (2mm shred) on-site with the insurer's privacy officer present. Quebec Law 25-aligned audit pack delivered alongside PIPEDA documentation.
Outcome and value recovered
PII-safe disposal with Law 25-aligned, French-language audit documentation; CAD settlement. Representative engagement profile — figures illustrative.
Why this engagement matched the Maxicom playbook
A Insurance engagement of this scale typically benefits from Maxicom's programme model: single SOW spanning the Canada footprint, country-lead executing locally, programme manager based with the customer, quarterly business review consolidating Reuse-First metrics. Per-asset Certificate of Destruction admissible against OSFI B-13 and LPRPDE. Cross-border resale routing under NDA where local market depth was thin. Settlement consolidated to the customer's reporting-currency entity through internal Maxicom inter-company arrangements.
Standards stack applied
NIST SP 800-88 Rev. 2 Purge for working drives. IEEE 2883-2022 firmware Sanitize for SSD/NVMe. DoD 5220.22-M overwrite where the contract specified it. Physical destruction at 6mm/2mm/0.5mm where the data classification mandated it. Witness destruction at the request of the data owner for top-classified material. Per-asset certificate retention 8 years (BFSI default). Compliance attestation cross-referenced to the customer's sustainability framework (CSRD ESRS E5, ISSB IFRS S1/S2, BRSR Principle 6, GRI 301/305/306).
Reuse-First disposition KPIs reported back
Total tonnage processed. Reuse-First reuse rate (% refurbished + redeployed vs % destroyed by media class). Residual value recovered in CAD. Embodied-carbon-recovered estimate (CO₂e avoided versus a destruction-first counterfactual). Diversion-from-landfill percentage. Material-recovery breakdown (steel, aluminium, copper, plastics, rare earths). Downstream-chain documentation for every kilogram leaving Maxicom premises. Quarterly business review cadence for the duration of the engagement.
What this engagement demonstrates
Single-SOW programme execution at scale. Per-asset audit trail across thousands of devices. Reuse-First refurb economics delivering settlement value substantially above destruction-first OEM trade-in counterfactuals. Audit-clean documentation passed regulator inspection at first review. Cross-border resale routing under NDA preserved channel-respect for OEM-partner relationships. The customer remained anonymised in all public communication; the engagement is referenced here only in anonymised form per our standard NDA terms.
Références faisant autorité
Sources primaires pour les normes citées sur cette page.
Questions fréquentes
Can I get a reference for this engagement?
On NDA, yes. Procurement reference calls available for serious enquiries — privately arranged through your account team after mutual NDA on both sides.
Why is the case anonymised?
NDA is standard for our engagements. We never name a client without their explicit written consent — even when the outcome is positive. The anonymised form preserves the engagement-pattern detail you need for procurement evaluation while respecting the original client's confidentiality.
How is this engagement-type priced?
Per-asset pricing in CAD, line-item per device, against your purchase order. Programme-level engagements receive multi-year locked rates with milestone-based settlement; single-event engagements are quoted at the engagement scope. Cross-border engagements consolidate settlement to the customer's reporting-currency entity through Maxicom inter-company arrangements.
What documentation does the engagement produce?
Per-asset Certificate of Destruction with eleven required fields, signed digitally and ink-on-paper. Pickup manifest with three-signature chain. Settlement invoice line-item per asset. ESG metrics report. Compliance attestation cross-referenced to the applicable regulators. Quarterly business review summary for programme engagements.
Can a similar engagement be scoped for our organisation?
Yes — most Insurance engagements at this scale follow comparable patterns. Send your asset inventory to start scoping; we respond with a written CAD quote in selon le mandat and a proposed engagement timeline within 5 business days.
Related practices, regulators & markets
SSD / HDD Drive Buyback
SSD/HDD buyback
→Finance & Banking IT Buyback
Banking IT buyback
→IT Buyback (All Asset Classes)
IT buyback
→Healthcare
Healthcare
→Certificates of Destruction
Certificates
→IT disposal in Montréal
Montréal
→Reverse Logistics
Reverse logistics
→Trade-In & Exchange Program
Trade-in & exchange
→Memory & RAM Buyback
Memory / RAM
→Envoyez la liste d'actifs. Nous enverrons le chiffre.
Une photo du rack fonctionne. Un tableur fonctionne mieux. Règlement en CAD, contre bon de commande.