Your employees' files, customer records, financial data, and source code are on those devices. Here is exactly how we handle them — and what protections you can put in place before we begin any work.
Most device failures are hardware problems. But every hardware problem is also a potential data exposure event — unless your service provider has a clear protocol.
Contracts, HR files, internal communications, presentation decks, and personal identifiable information that employees store locally — all accessible if a device reaches an engineer without a no-access policy in place.
Customer databases, invoicing records, payment details, and banking credentials. For regulated industries, an unauthorised access event can trigger compliance reporting obligations. The cost of a breach far exceeds the cost of prevention.
Proprietary algorithms, unreleased product roadmaps, patent-pending designs, and customer contracts. For IT companies and startups, this is frequently the most commercially sensitive data on any device.
EMR records, radiology images, diagnostic notes, and treatment histories on hospital workstations. Healthcare organisations face strict data governance requirements — device servicing must match that standard.
Account credentials, transaction logs, customer KYC documents, and branch-level financial records. Branch laptops and manager workstations often hold locally cached versions of sensitive customer files.
Saved passwords, VPN configurations, SSH keys, API tokens, and admin credentials stored in browsers and password managers. A compromised device can become a backdoor into your wider network infrastructure.
Every enterprise device goes through this documented process. No exceptions, no shortcuts.
When your device arrives, our intake process logs the serial number, physical condition, reported fault, and your contact details. We do not power on the device and attempt OS login as a default step. Hardware diagnostics are run at the component level — POST codes, battery health, display test, keyboard matrix — none of which require access to your data partition.
The device is assigned to a specific engineer logged in the job sheet. That engineer's access is restricted to the repair task scope — they are not authorised to browse the file system, launch user applications, or connect the device to external storage. Workstations in our service centre require ID-based login; engineers cannot perform tasks on devices assigned to a different job order.
Certain diagnostics — GPU stress testing, thermal calibration, display calibration for colour-accurate panels — require the device to boot into an OS environment. In these cases, we contact your designated IT contact before proceeding. We request a temporary guest account or a dedicated diagnostic PIN. We never use a master password or bypass lock screens. Proceeding without explicit permission is a policy violation.
For devices that your team classifies as high-sensitivity — executive laptops, finance terminals, clinical workstations — we offer supervised diagnostic sessions. Your IT representative can be present, physically or via a screen-sharing session, during any part of the diagnostic process that involves OS access. This is available on request at no additional charge.
Every repair generates a signed audit log: engineer name, work performed, parts replaced, OS access events (if any), and QA sign-off. This log is retained for 12 months and can be provided to your IT or compliance team on request. For AMC clients, the audit log is included in the quarterly device health report.
For organisations where a documented no-access policy is not enough — legal firms, government agencies, defence contractors, hospitals with HIPAA-equivalent requirements — physical separation of the storage drive is the most defensible position.
There is no possibility of data exposure if the storage media is not present during repair. No policy, no process, no NDA creates the same level of assurance as physical custody of the drive.
This option does not compromise repair quality. Almost all common laptop faults — screen damage, battery failure, keyboard malfunction, hinge damage, motherboard component faults — can be fully resolved without the storage drive installed.
For devices being retired, reassigned, or returned to leasing companies — a documented wipe with a certificate you can file.
Our wipe process uses a documented multi-pass overwrite pattern aligned with NIST SP 800-88 Clear guidelines. After completion, the drive is verified to ensure no readable data segments remain.
Each drive receives an individual certificate that includes the drive serial number, wipe date, method used, verification status, and the engineer's name. Suitable for audit, compliance, and asset disposition records.
Retiring 20, 50, or 200 devices at end of lease or refresh cycle? We collect the fleet, perform certified wipes on all drives, and return a complete certificate bundle for your records.
If the device is being redeployed to a new employee, we can wipe, reimage with your standard OS build, and return the device ready for onboarding — as part of a single service engagement.
Certificate provided in PDF format. Each device in a bulk order receives an individual certificate. Bundle provided in a single ZIP archive for your records.
The security of your data depends on the people handling your devices. Here is what we put in place before any engineer touches an enterprise device.
Every engineer assigned to enterprise work has undergone a background check covering identity, address, and prior employment, conducted through a third-party verification agency. Records are on file and available for review on request.
All engineers handling enterprise devices sign an internal confidentiality agreement covering device contents and client information. Your organisation can additionally request a mutual NDA, either our template or yours.
Service centre workstations require individual engineer login. Engineers cannot perform work on devices not assigned to their active job order. Access events are logged at the workstation level.
Each job order defines the exact scope of work. Engineers are authorised only for the tasks documented in that job order. Performing work outside the defined scope is a policy violation subject to immediate escalation.
Any deviation from the no-access policy — whether accidental or deliberate — is treated as an incident. The engineer must report it immediately to the service manager. Your account manager is notified within 2 hours. A written incident report follows within 24 hours.
Enterprise data handling procedures are reviewed periodically. Findings from AMC client engagements are incorporated into the standard operating procedure. Clients can request a copy of the current SOP for review.
These sectors rely on our data handling protocols as a non-negotiable requirement — not an optional upgrade.
EMR workstations, nursing station laptops, doctor devices, and radiology terminals require strict data governance. We offer SSD removal, supervised diagnostics, and after-hours servicing to avoid patient care disruption.
Branch laptops, relationship manager devices, and admin systems hold customer KYC and transaction data. Our no-access policy and audit logs meet the documentation standards most bank IT teams require from third-party vendors.
Government workstations frequently contain citizen data, classified administrative records, and privileged credentials. We work with designated agency IT representatives to establish access protocols before any work begins.
Source code repositories, cloud credentials, API keys, and client data agreements represent significant commercial exposure. Our IP-protection protocols — SSD removal, NDA, supervised diagnostics — are designed with this sector in mind.
Research data, clinical trial records, formulation databases, and regulatory filing documents. We treat pharma and R&D workstations as high-sensitivity by default — SSD removal is available at no additional charge for this sector.
Client privilege documents, case files, merger and acquisition details, and board-level correspondence. Legal firms routinely require vendor NDAs as a matter of policy — we accommodate that requirement as a standard starting point.
Student records, examination data, faculty devices, and administrative systems. Educational institutions manage large device fleets and often benefit from bulk wipe services at the end of each academic year.
Customer data from client contracts, call recordings, CRM exports, and agent credentials. BPO environments operate 24/7 with large device counts — our bulk handling and rapid turnaround are built for this operational cadence.
No. Our default process does not require OS login for most hardware work. Where diagnostics require a login, we request a temporary guest account or a test PIN — with your permission before proceeding. Engineers are instructed not to browse file systems or open applications.
Yes. This is our highest-assurance option. Your IT team or ours removes the SSD before work begins. You retain custody of the drive. We repair the rest of the device and return it. You reinstall the drive. No data exposure is possible during the repair period.
We perform a multi-pass overwrite aligned with NIST SP 800-88 Clear guidelines. After the wipe, the drive is verified to confirm no readable data remains. A written certificate is issued per device, including the drive serial number, wipe date, method, and engineer name.
Yes. All engineers assigned to enterprise work have completed background verification covering identity, address, and prior employment through a third-party agency. Records are on file and available for enterprise clients to review on request.
Yes. We offer a mutual NDA as a standard enterprise add-on. It covers confidentiality of device contents, hardware configuration, and any organisational information observed during servicing. Your legal team can use our template or provide their own — we accommodate both.
We do not currently hold SOC2 or ISO 27001 certification. We provide a documented set of operational controls: no-access policy, SSD removal option, background-verified engineers, NDAs on file, audit-logged repairs, and certified data wipe with written certificates. These controls are available for your review.
Yes. We collect the fleet in a single pickup, perform certified wipes on each drive, and return a complete certificate bundle. Bulk pricing is available. Share your device count and timeline via WhatsApp or the proposal form — we will respond within 24 hours.
Any deviation from the no-access policy is treated as an incident, regardless of intent. The engineer reports it immediately to the service manager. Your account manager is notified within 2 hours. A written incident report is provided within 24 hours, including what was accessed, by whom, and the corrective action taken.
Tell us what you need — SSD removal, certified wipe, NDA, supervised diagnostics, or a combination. We'll confirm which protocols apply to your devices and industry before any work begins.