Defining one MSP to represent each division. This would involve specifying for each division, a set of certificates for root CAs, intermediate CAs, and admin Certs, such that there is no overlapping certification path across MSPs. This would mean that, for example, a different intermediate CA per subdivision is employed. Here the disadvantage is the management of more than one MSPs instead of one, but this circumvents the issue present in the previous approach. One could also define one MSP for each division by leveraging an OU extension of the MSP configuration. (Source:http://hyperledger-fabric.readthedocs.io/en/latest/msp.html
Once you have configured the MSP, find the channel that stipulated the transaction that needs to be endorsed and
then create an endorsement policy for that channel.
Ex: Suppose you have the identifiers Org1, Org2 and Org3 for the departments, then the code should be:
AND('Org1.member', 'Org2.member', 'Org3.member')