Passer au contenu principal
Accueil · Case studies · Quebec-headquartered insurer · Law 25 disposal programme
Case study · Insurance

Quebec-headquartered insurer · Law 25 disposal programme

Quebec Law 25 work is the strictest privacy-disposal posture in North America. We deliver in French, write the manifest in French, and the audit pack reads in French to Quebec's Commission d'accès à l'information.

Engagement at a glance

Sector: Insurance. Sites: Montréal HQ + 4 Quebec branches. Devices: Insurer IT fleet with a large customer-PII drive estate. Duration: 3 months. Method: NIST 800-88 Purge with French-language manifest and certificate. Customer-PII drives physically destroyed (2mm shred) on-site with the insurer's privacy officer present. Quebec Law 25-aligned audit pack delivered alongside PIPEDA documentation.. Outcome: PII-safe disposal with Law 25-aligned, French-language audit documentation; CAD settlement. Representative engagement profile — figures illustrative.. Settled in CAD against PO. NDA standard throughout. All identifying details anonymised; specifics shareable on procurement reference call.

Sites covered

Montréal HQ + 4 Quebec branches

Devices retired

Insurer IT fleet with a large customer-PII drive estate

Engagement duration

3 months

Sanitisation method applied

NIST 800-88 Purge with French-language manifest and certificate. Customer-PII drives physically destroyed (2mm shred) on-site with the insurer's privacy officer present. Quebec Law 25-aligned audit pack delivered alongside PIPEDA documentation.

Outcome and value recovered

PII-safe disposal with Law 25-aligned, French-language audit documentation; CAD settlement. Representative engagement profile — figures illustrative.

Why this engagement matched the Maxicom playbook

A Insurance engagement of this scale typically benefits from Maxicom's programme model: single SOW spanning the Canada footprint, country-lead executing locally, programme manager based with the customer, quarterly business review consolidating Reuse-First metrics. Per-asset Certificate of Destruction admissible against OSFI B-13 and LPRPDE. Cross-border resale routing under NDA where local market depth was thin. Settlement consolidated to the customer's reporting-currency entity through internal Maxicom inter-company arrangements.

Standards stack applied

NIST SP 800-88 Rev. 2 Purge for working drives. IEEE 2883-2022 firmware Sanitize for SSD/NVMe. DoD 5220.22-M overwrite where the contract specified it. Physical destruction at 6mm/2mm/0.5mm where the data classification mandated it. Witness destruction at the request of the data owner for top-classified material. Per-asset certificate retention 8 years (BFSI default). Compliance attestation cross-referenced to the customer's sustainability framework (CSRD ESRS E5, ISSB IFRS S1/S2, BRSR Principle 6, GRI 301/305/306).

Reuse-First disposition KPIs reported back

Total tonnage processed. Reuse-First reuse rate (% refurbished + redeployed vs % destroyed by media class). Residual value recovered in CAD. Embodied-carbon-recovered estimate (CO₂e avoided versus a destruction-first counterfactual). Diversion-from-landfill percentage. Material-recovery breakdown (steel, aluminium, copper, plastics, rare earths). Downstream-chain documentation for every kilogram leaving Maxicom premises. Quarterly business review cadence for the duration of the engagement.

What this engagement demonstrates

Single-SOW programme execution at scale. Per-asset audit trail across thousands of devices. Reuse-First refurb economics delivering settlement value substantially above destruction-first OEM trade-in counterfactuals. Audit-clean documentation passed regulator inspection at first review. Cross-border resale routing under NDA preserved channel-respect for OEM-partner relationships. The customer remained anonymised in all public communication; the engagement is referenced here only in anonymised form per our standard NDA terms.

From your asset list to settlement FIVE STEPS · 7-14 BUSINESS DAYS i Asset list Photo or sheet You send ii Written quote 2 hours Local currency iii Pickup scheduled per engagement capable Signed manifest iv Destruction Per-device cert NIST 800-88 / IEEE 2883 v Settlement Against PO Audit pack delivered
Révisé par le bureau de conformité Maxicom. Dernière mise à jour April 2026.
Opère selon NIST 800-88 · LPRPDE · BSIF B-13 · Norme NAID · IEEE 2883-2022
Questions fréquentes

Questions fréquentes

Can I get a reference for this engagement?

On NDA, yes. Procurement reference calls available for serious enquiries — privately arranged through your account team after mutual NDA on both sides.

Why is the case anonymised?

NDA is standard for our engagements. We never name a client without their explicit written consent — even when the outcome is positive. The anonymised form preserves the engagement-pattern detail you need for procurement evaluation while respecting the original client's confidentiality.

How is this engagement-type priced?

Per-asset pricing in CAD, line-item per device, against your purchase order. Programme-level engagements receive multi-year locked rates with milestone-based settlement; single-event engagements are quoted at the engagement scope. Cross-border engagements consolidate settlement to the customer's reporting-currency entity through Maxicom inter-company arrangements.

What documentation does the engagement produce?

Per-asset Certificate of Destruction with eleven required fields, signed digitally and ink-on-paper. Pickup manifest with three-signature chain. Settlement invoice line-item per asset. ESG metrics report. Compliance attestation cross-referenced to the applicable regulators. Quarterly business review summary for programme engagements.

Can a similar engagement be scoped for our organisation?

Yes — most Insurance engagements at this scale follow comparable patterns. Send your asset inventory to start scoping; we respond with a written CAD quote in selon le mandat and a proposed engagement timeline within 5 business days.

Quand vous êtes prêt

Envoyez la liste d'actifs. Nous enverrons le chiffre.

Une photo du rack fonctionne. Un tableur fonctionne mieux. Règlement en CAD, contre bon de commande.

purchase@maxicom.ca · selon le mandat