Managed Medical Review Organization, Inc. (MMRO), Continues to Enhance its IT Compliance Program.

Share Article

Managed Medical Review Organization, Inc. (MMRO) is proud to announce the successful completion of the Service Organization Control (SOC) 2 Type II audit.

MMRO, a leading provider of public sector Disability Retirement Claim Review Services and Independent Medical Review Services, announced the successful completion of its annual Service Organization Control (SOC) 2 Type II audit. The American Institute of Certified Public Accountants (AICPA) has issued an Interpretation under AT Section 101 permitting service auditors to issue reports that are not specifically focused on internal controls over financial reporting. These reports will now be considered SOC 2 reports and focus on controls at a service organization relevant to the Trust Services principles.

“The SOC 2 report demonstrates MMRO’s commitment to the security, availability, and confidentiality of its environment,” says Tim Roncevich, Partner at SSAE 16 Professionals. “The successful completion of this audit is a testament to MMRO’s integrity, accountability, and its commitment to its customers.”

The audit undergone by MMRO was conducted in accordance with the AICPA SOC reporting standards.  The audit was conducted by SSAE 16 Professionals, LLP, which is a full service accounting firm providing SOC 2 Type I and Type II audits. SSAE 16 Professionals evaluated MMRO's design and operating effectiveness of internal controls and processes related to the Security, Availability and Confidentiality Trust Services Principles. The firm has found that MMRO has met or exceeded the expectations and is fully compliant to the standard.

About SOC 2 Reports
A SOC 2 report falls under the AICPA AT 101 guidelines and can also be either a Type I or a Type II. Whereas SSAE 16 (SOC 1) reports are used for audits of controls that impact a user organization’s internal controls over financial reporting (ICFR), SOC 2 reports are intended service organizations whose services do not impact ICFR. The typical users of a SOC 2 report will include prospective clients of the service organization, management of the service organization, and independent auditors providing services to the user organizations. The SOC 2 audit covers operational and/or regulatory compliance controls and follows pre-defined Trust Services Principles and Criteria.

About MMRO, Inc
Managed Medical Review Organization, Inc. (MMRO) provides private and public sector clients of all sizes and scopes with accurate, efficient, and transparent Independent Medical Review and Disability Retirement Claims Management Services. MMRO’s client base includes medical insurance companies and public pension retirement systems at the state, county and municipal levels (including teachers, school employees, police & fire as well as general public employee’s retirement systems). The company’s customer facing corporate website address is

About SSAE 16 Professionals, LLP
SSAE 16 Professionals, LLP is a leading firm specializing in SSAE 16 and SOC 2 audits and readiness assessments. Each of its professionals has over 10 years of relevant experience at “Big 4” and other large international or regional accounting firms. Each professional is certified as a CPA (Certified Public Accountant), CISA (Certified Information Systems Auditor), CIA (Certified Internal Auditor), CISSP (Certified Information Systems Security Professional), and/or MBA (Master of Business Administration). For more information, please visit

# # #

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Joe Jimenez
SSAE 16 Professionals, LLC
+1 (866) 480-9485 Ext: 225
Email >

Tim Roncevich
since: 03/2011
Follow >
SSAE 16 Professionals, LLP
since: 08/2011
Like >
SSAE 16 Professionals

Visit website