I recommend that you read this post and watch the video: https://community.mcafee.com/community/business/data/epoenc/blog/2011/09/19/getting-started-with-endpoint-encryption-for-files-and-folders-v4
The video shows how to assign specific keys to specific people using policy assignment rules. That is the best route for departmental keys. It also has a link to a KB that explains the policy creation workflow.
In short, policy assignment rules (user based) are what you are looking for. So that means you will have to create a grant keys policy for each department, and then go into policy assignment rules and associate each of those grant keys policies with the correct people/departments based on their AD group membership.
Also, I recommend getting a well-defined naming convention for EEFF keys as a best practice, and aligning the group membership name with that EEFF. If you maintain a good naming convention, you can obtain better management when applying the keys.