Developing a Corporate Open Source policy

Does Red Hat have any guidelines on what to discuss or consider when developing an Open Source policy? The areas that I believe we need to address are:
1) If we ship a product that includes open source components, and need to backport a patch to an unsupported tool (for example, if we have a customer still on RHEL 3), we are of course bound by the license of that given tool (i.e., GPL Version 2). However, any source code modifications made by a corporate developer is till owned by the company, so it would still essentially require authorization by the company to release the source. Therefore it would be prudent to include in the policy document either a statement giving blanket authorization, or a statement requiring prior authorization before making changes on a GPL'd product (depending on the comfort level of the company).

2) Regarding use of Open Source internally: The company will need to balance the needs for support (so a statement that says "only open source products that have available external vendor support are permitted"), or a blanket statement authorizing the use of any well-vetted open source product, or something in between.

So my question: is there any sample discussion guidelines that has been developed for use in creating an appropriate policy for corporate use? Or actual examples of well adopted policies?

Thanks.