This document describes the journey to establish an open source policy at a Fortune 20 healthcare company. It discusses establishing ingestion and contribution policies to encourage open source exploration while managing legal risks. For ingestion, a matrix was developed to automatically approve low-risk scenarios and flag higher-risk cases for legal review. Process flows were also created for non-developer ingestion scenarios. The contribution policy clarified intellectual property ownership and required legal approval for contributions to minimize risks of unintentionally licensing patents. Lessons learned included taking time to adjust existing agreements, longer rollout times than expected, and treating company contributions as edge cases.