Thanks for the replies.
We have decided to set up the following structure for our DBAs:
Global DBA Group – sysadmin on all our SQL servers at all the sites.
VERY selective membership – limited to logins which will be used in emergency situations for support requirements. Management Approval will be required for Servers with DBs containing sensitive data.
Local DBA groups per site – sysadmin on local site SQL servers
Membership of these groups is up to the SQL server ‘owners’ (Someone based at that site).
Global CMS Group – Specific permissions on all SQL Servers to be able to evaluate policies via Central Management Server.