Per-job Certificate of Destruction — what's on it.
Every Maxicom India job ships with one Certificate of Destruction. It cites the standards, lists the assets, names the operator and witness, and includes the alignment statements that slot into DPDPA 2023 / TRM evidence packs without rewriting.
Every Certificate contains
- ♦ Job reference (Maxicom format: MXSG-YYYY-XXXXX) and customer reference.
- ♦ Per-asset row: serial number, make, model, capacity, classification, method, completion timestamp.
- ♦ Wipe log per device for Clear/Purge: pass count, completion, operator ID.
- ♦ Shred batch ID per device for Destroy method, with photo evidence reference.
- ♦ Operator signature + witness signature (two-operator destruction is standard).
- ♦ Standards citation: NIST SP 800-88 Rev. 1 and IEEE 2883-2022 — and DoD 5220.22-M if used.
- ♦ DPDPA 2023 (security obligation) alignment statement.
- ♦ RBI IT-Risk-aware citation (banking/fintech jobs).
- ♦ Downstream-recipient log: where any residual material went.
PDF + PDF/A; retained both sides.
The Certificate is delivered as a PDF (with PDF/A for long-term archival on request). One signed digital copy goes to your nominated recipients; we retain a counter-signed copy on file for the same retention period as the underlying data — typically 5–7 years — for cross-reference if your auditor ever asks.
Field-by-field walkthrough of the Maxicom format.
Every Maxicom India Certificate of Destruction is a single document covering one job. Below are the sections in the order they appear, with a description of why each is there and what your auditor will look for.
Header — job reference + customer reference. Maxicom format is MXSG-YYYY-{A|B|C}-XXXXX where A = sell-to-us, B = service-request, C = buy-from-us. Customer reference is your PO or contract number. Auditors cross-reference both.
Pickup details. Pickup date(s), pickup location(s), name of the Maxicom operator who collected, name of the customer-side authorised hand-over individual.
Destruction details. Destruction date(s), destruction location (in-facility / on-site), names of the two operators who performed destruction, name of the witness who counter-signed.
Per-asset table — the centre of the document. One row per device. Columns: serial number, make, model, capacity, classification, method (Clear / Purge / Destroy), completion timestamp, operator ID. For Clear / Purge methods, additional wipe-log columns (pass count, completion confirmation). For Destroy method, the shred batch ID and a reference to the photo evidence.
Standards citation. NIST SP 800-88 Rev. 1 with the specific category (Clear / Purge / Destroy). IEEE 2883-2022 with the equivalent category. DoD 5220.22-M if used. The standards-citation block is what your auditor maps against your internal compliance policy.
Alignment statements — applicable engagements only. DPDPA 2023 Section 24 alignment for engagements involving personal data. RBI IT-Risk-aware citation for regulated financial institutions. CERT-In Cyber Incident Reporting Directions chain-of-custody statement for CII sectors. These are not always all present — they're added when relevant to the customer's compliance frame.
Downstream-recipient log. Where any residual material went after destruction. The log names the downstream party (typically an e-waste recycler holding NEA licensing), their licence reference where applicable, and the date the material was transferred.
Operator + witness signatures. Electronic signatures with named individuals. The signatures are part of why two-operator + witness destruction is non-negotiable — without three named individuals, the destruction is not auditable.
Format. PDF and PDF/A archival. Both are delivered to the customer; Maxicom retains a counter-signed copy for at least 7 years.
Visual reference.
Certificate of Destruction format — frequently asked
Can we get a sample Certificate before contracting?
Yes. Ask us — we'll send a sanitised sample with realistic content (fake serials) so your audit team can review the format before contracting.
Can I see a sample Certificate of Destruction before contracting?
Yes. A sanitised sample with realistic format and fake serial numbers is available on request via the contact form or at +91 22 2222 2222. The sample shows the Maxicom format with all sections present — header, pickup details, destruction details, per-asset table, standards citation, alignment statements, downstream-recipient log, operator and witness signatures.
What format is the Maxicom Certificate of Destruction issued in?
PDF and PDF/A archival format, both delivered to the customer. PDF/A is an ISO-standardised long-term archival format suitable for retention spanning years or decades — important for sectors with long retention requirements (healthcare, insurance, legal). Maxicom retains a counter-signed copy on file for at least 7 years.
Does the Certificate cite specific destruction standards?
Yes. Every Certificate cites NIST SP 800-88 Rev. 1 with the specific category (Clear / Purge / Destroy), IEEE 2883-2022 with the equivalent category, and DoD 5220.22-M if used. Engagement-specific alignment statements (DPDPA 2023 (security obligation), RBI IT-Risk-aware, CERT-In Cyber Incident Reporting Directions chain-of-custody) are added when relevant to the customer's compliance frame.
What's in a Maxicom India Certificate of Destruction?
Header (Maxicom job ref MXSG-YYYY-{A|B|C}-XXXXX, customer reference), pickup details (date, location, hand-over individual), destruction details (date, location, two operators, witness), per-asset table (one row per device — serial number, make, model, capacity, classification, method, completion timestamp, operator ID), wipe-log or shred-batch-ID per device, operator + witness electronic signatures, standards citation (NIST SP 800-88 Rev. 1, IEEE 2883-2022, DoD 5220.22-M if used), alignment statements (DPDPA 2023 (security obligation), RBI IT-Risk-aware where applicable, CERT-In Cyber Incident Reporting Directions for CII sectors), downstream-recipient log.
Are Certificates of Destruction legally binding in India?
A Certificate of Destruction is contractual evidence from the destruction vendor about the work performed; it's not a regulatory designation. Its legal weight depends on the customer's compliance frame: for DPDPA 2023 (security obligation) evidence, the Certificate's value is in supporting the customer's defensible disposal claim. For RBI IT-Risk Management framework evidence, it's part of the FI's TRM evidence file. For NEA RSA 2019 evidence, it's part of the producer's documentation of regulated e-waste handling. The Certificate is the keystone document but sits inside a broader evidence pack.