I've just recently begun messing around with remediation policy rule sets. Currently I only have 3:
ignore sev 1's and 2's
assign patchable server vulns to server team
assign patchable client vulns to end user services.
I know that each policy is going to be unique to your organization, however, I am currently in that situation where I don't know what I don't know and looking for some ideas that might be applicable to my organization.