Thanks for the replies.

We have decided to setup the following structure for our DBAs:

Global DBA Group – sysadmin on all our SQL servers at all the sites.

VERY selective membership – limited to logins which will be used in emergency situations for support requirements. Management Approval will be required for Servers with DBs containing sensitive data.

Local DBA groups per site – sysadmin on local site SQL servers

Membership of these groups are up to the SQL server ‘owners’ (Someone based at that site).

Global CMS Group – Specific permissions on all SQL Servers to be able to evaluate policies via Central Management Server.