Recycle & Dispose · Data Security

Your data is destroyed before anything is resold or recycled

Data security is the foundation of everything we do. Maxicom destroys the data on your retired IT to NIST 800-88 and IEEE 2883, on a documented chain of custody, with a certificate of destruction — aligned to Singapore's PDPA and MAS TRM and Malaysia's PDPA. Nothing leaves your control with recoverable data on it, and every serial number is accounted for.

NIST 800-88 & IEEE 2883PDPA & MAS TRM alignedCertificate of destructionWitnessed destruction available
Destruction first, always. Nothing is resold or recycled until your data is gone — to NIST 800-88, on a documented chain of custody, with a certificate.
Every asset accounted for
Documented chain of custody, end to endCollected+ manifestSanitised+ certificateReused orrecycledPaid inSGDEvery asset is logged from pickup to settlement — the audit trail your PDPA obligations need.
From pickup to certificate, each drive is tracked by serial number on a documented chain of custody.
The standard

Data destruction to NIST 800-88 and IEEE 2883

Every data-bearing device we handle is sanitised to the recognised international standards: NIST SP 800-88 Rev. 1 for hard drives and IEEE 2883-2022 for SSDs and NVMe — the modern standard that treats solid-state media correctly rather than applying old spinning-disk methods. You receive a certificate of destruction, and where a drive is too sensitive or too damaged to sanitise, it is physically destroyed through a vetted partner whose certificate is issued alongside our chain-of-custody record. We claim only the methods we actually apply — we do not list certifications we don't hold.

Compared

The routes — compared

Shredder-only vendorDIY / ad hocMaxicom
Method choiceShred everythingInconsistentPurge / degauss / shred per media
EvidenceBasic certificateLittle or noneCertificate + serial-level chain of custody
Reuse valueDestroyedN/APreserved where safe, returned to you
Regulator fitPartialRiskyPDPA / MAS TRM / DOE aligned
Witnessed / on-siteRarelyNoAvailable
Singapore

What the law expects here

In Singapore, disposing of business IT engages the Personal Data Protection Act 2012 (PDPA), enforced by the Personal Data Protection Commission (PDPC) under the IMDA — you remain responsible for personal data until it is provably destroyed, including the Protection Obligation over data in transit and storage during disposal. Financial institutions additionally follow the MAS Technology Risk Management (TRM) guidelines, which set clear expectations for secure media disposal and vendor management. E-waste handling falls under the National Environment Agency and the Resource Sustainability Act's EPR scheme. Our chain of custody, sanitisation records and certificates are built to support all three.

Malaysia

What the law expects across the causeway

In Malaysia, business IT disposal engages the Personal Data Protection Act 2010 (Act 709), as amended by the Personal Data Protection (Amendment) Act 2024 (Act A1727), which strengthened obligations and enforcement and is overseen by the Personal Data Protection Department (JPDP). Business and industrial e-waste is handled as scheduled waste (code SW 110) under the Department of Environment (DOE) and must be routed to licensed recovery facilities. Our process and documentation support both, so a regional estate can be retired under one consistent standard.

Your options

Wipe, degauss or shred — chosen per media and classification

Different data calls for different treatment, and choosing correctly is part of doing this properly. We select the method per media type and data classification: cryptographic and overwrite purge to NIST 800-88 for drives that will be reused (the higher-value, lower-carbon outcome); degaussing where appropriate for magnetic media; and physical destruction or shredding through a licensed partner where a drive can't be sanitised or your policy requires it. For sensitive estates we support on-site destruction and witnessed destruction, so your security or compliance officer can observe. Data residency is respected throughout — media is handled within the region and tracked by serial number.

How it works

How selling your data-bearing IT works

  1. Send your list. A spreadsheet, an inventory, or just photos — make, model, rough condition and quantity.
  2. Get a written quote. Priced in SGD against the live secondary market, line-item where it helps.
  3. We collect. Free across Singapore, arranged across Malaysia, on a documented chain of custody.
  4. Data wiped, you get paid. Certificate of destruction, settlement in SGD once your inventory is reconciled.

See how it works in detail →

Data security

Nothing moves until your data is destroyed

Every data-bearing drive is sanitised to NIST SP 800-88 Rev. 1 (HDD) and IEEE 2883-2022 (SSD/NVMe), with a certificate of destruction, on a documented chain of custody. Drives that can't be wiped are physically destroyed through a vetted partner. Certified destruction is what makes buyback safe under Singapore's PDPA and Malaysia's PDPA — so it's included in the deal, not billed as an extra.

Data security & compliance →

FAQ

Your questions

What standard do you wipe to?
NIST SP 800-88 Rev. 1 for hard drives and IEEE 2883-2022 for SSD/NVMe, with a certificate of destruction. Drives that can't be sanitised are physically destroyed through a vetted partner.
Do you claim NAID AAA, R2 or ISO certification?
No — we claim only the methods we actually apply (NIST 800-88 and IEEE 2883). We won't list accreditations we don't hold; the certificate and chain of custody we provide are real and traceable.
Does this meet PDPA requirements?
Our process supports your obligations under Singapore's PDPA (PDPC) and Malaysia's PDPA 2010/2024 (JPDP), and for financial institutions the MAS TRM guidelines. You remain the data controller; we provide the destruction evidence.
Can we witness the destruction?
Yes — witnessed destruction can be arranged for your security or compliance officer, in person or by other agreed means, and on-site destruction is available for sensitive estates.
Do you offer physical shredding?
Yes — physical destruction or shredding is available through a licensed partner where a drive can't be sanitised or your policy requires it, with its own certificate.
Is data kept within the region?
Yes — media is handled within the region on a documented chain of custody, tracked by serial number, respecting data-residency expectations.
What about e-waste rules?
In Singapore, e-waste is handled under the NEA and Resource Sustainability Act; in Malaysia, business e-waste is scheduled waste SW 110 under the DOE. Only what can't be reused goes to licensed recyclers.
Can you support a regional estate under one standard?
Yes — we apply the same certified-destruction process and documentation across Singapore and Malaysia so a multi-country estate is retired consistently.

Retire your IT with the data handled properly.

Tell us what you're retiring and we'll set out the destruction method, documentation and buyback value.

Get my quote
About Maxicom

Maxicom Singapore Pte Ltd is an independent IT buyback and recycling company based at 51 Goldhill Plaza, Singapore, serving businesses across Singapore and Malaysia. We recover the value inside retired business IT, destroy data to NIST 800-88 and IEEE 2883, and route reusable hardware back into service — paying businesses for equipment that other recyclers charge to take.

Reviewed by the Maxicom compliance desk · Established 2015 · Last updated on deploy
Related

Explore more