"Wireless communications are borderless and are hard to control," said Richard Gibbons, a senior expert on compliance for Qumas Inc., a provider of compliance software for financial services and life science organizations in Florham Park, N.J. "Organizations have been finding it difficult to craft sufficient policies."

Covering the basics

The first step to managing the compliance risks of mobility is obvious: Cover the basics required to meet compliance standards in the office. In many enterprises, this process has been under way for years, and covering the basics well will make mobile compliance easier.

"Mobility complicates the risks," said John Morency, co-founder and principal of Transitional Data Services, an IT services firm in Hopkinton, Mass. "The way to mitigate those risks consistently is to nail down how you want to log and record and capture everything that goes on."

Logging changes to systems and individual records is central to Sarbanes-Oxley in particular but also can help with compliance with other regulations, Morency said.