It’s critical that the entire organization is aware of the bounty program, especially if you are doing a public program, and that relevant groups know how to respond or react to information around it. Company-wide processes will ensure the timely review and remediation of found issues, as well as prioritization guidelines over existing work. These processes may involve creating templates and workflows, or integrating with internal development tools.
While it’s most important that the IT folks are well informed and directed, it’s also essential that the security lead or team understands the extent to which the program will affect other departments. For example, marketing or sales staff should be aware that public website forms will be tested, and customer service staff should be prepared to field related questions. Undoubtedly, there will be a learning process when getting started, but being aware of these impacts and addressing questions prior to launch will spare more than a few headaches and some last-minute scrambling.