Data security is the foundation of everything we do. Maxicom destroys the data on your retired IT to NIST 800-88 and IEEE 2883, on a documented chain of custody, with a certificate of destruction — aligned to Singapore's PDPA and MAS TRM and Malaysia's PDPA. Nothing leaves your control with recoverable data on it, and every serial number is accounted for.
Every data-bearing device we handle is sanitised to the recognised international standards: NIST SP 800-88 Rev. 1 for hard drives and IEEE 2883-2022 for SSDs and NVMe — the modern standard that treats solid-state media correctly rather than applying old spinning-disk methods. You receive a certificate of destruction, and where a drive is too sensitive or too damaged to sanitise, it is physically destroyed through a vetted partner whose certificate is issued alongside our chain-of-custody record. We claim only the methods we actually apply — we do not list certifications we don't hold.
| Shredder-only vendor | DIY / ad hoc | Maxicom | |
|---|---|---|---|
| Method choice | Shred everything | Inconsistent | Purge / degauss / shred per media |
| Evidence | Basic certificate | Little or none | Certificate + serial-level chain of custody |
| Reuse value | Destroyed | N/A | Preserved where safe, returned to you |
| Regulator fit | Partial | Risky | PDPA / MAS TRM / DOE aligned |
| Witnessed / on-site | Rarely | No | Available |
In Singapore, disposing of business IT engages the Personal Data Protection Act 2012 (PDPA), enforced by the Personal Data Protection Commission (PDPC) under the IMDA — you remain responsible for personal data until it is provably destroyed, including the Protection Obligation over data in transit and storage during disposal. Financial institutions additionally follow the MAS Technology Risk Management (TRM) guidelines, which set clear expectations for secure media disposal and vendor management. E-waste handling falls under the National Environment Agency and the Resource Sustainability Act's EPR scheme. Our chain of custody, sanitisation records and certificates are built to support all three.
In Malaysia, business IT disposal engages the Personal Data Protection Act 2010 (Act 709), as amended by the Personal Data Protection (Amendment) Act 2024 (Act A1727), which strengthened obligations and enforcement and is overseen by the Personal Data Protection Department (JPDP). Business and industrial e-waste is handled as scheduled waste (code SW 110) under the Department of Environment (DOE) and must be routed to licensed recovery facilities. Our process and documentation support both, so a regional estate can be retired under one consistent standard.
Different data calls for different treatment, and choosing correctly is part of doing this properly. We select the method per media type and data classification: cryptographic and overwrite purge to NIST 800-88 for drives that will be reused (the higher-value, lower-carbon outcome); degaussing where appropriate for magnetic media; and physical destruction or shredding through a licensed partner where a drive can't be sanitised or your policy requires it. For sensitive estates we support on-site destruction and witnessed destruction, so your security or compliance officer can observe. Data residency is respected throughout — media is handled within the region and tracked by serial number.
Every data-bearing drive is sanitised to NIST SP 800-88 Rev. 1 (HDD) and IEEE 2883-2022 (SSD/NVMe), with a certificate of destruction, on a documented chain of custody. Drives that can't be wiped are physically destroyed through a vetted partner. Certified destruction is what makes buyback safe under Singapore's PDPA and Malaysia's PDPA — so it's included in the deal, not billed as an extra.
Tell us what you're retiring and we'll set out the destruction method, documentation and buyback value.
Get my quoteMaxicom Singapore Pte Ltd is an independent IT buyback and recycling company based at 51 Goldhill Plaza, Singapore, serving businesses across Singapore and Malaysia. We recover the value inside retired business IT, destroy data to NIST 800-88 and IEEE 2883, and route reusable hardware back into service — paying businesses for equipment that other recyclers charge to take.
Reviewed by the Maxicom compliance desk · Established 2015 · Last updated on deploy