Because FOSS is readily downloadable, it bypasses normal procurement practices -- which is why you may already be using free software without realizing the fact. A developer can download a piece of free software in minutes, and, in doing so, not only expose the company to possible security risks, but also to obligations and possible license violations that it has no way to track.
To address these concerns, a new field called FOSS governance is starting to emerge, with companies like Black Duck Software, Palamida, and, most recently, Hewlett-Packard, offering software audits of the FOSS currently in your networks. They also offer consulting services to set up software and practices to help you track your FOSS use in the future. In conjunction with The Linux Foundation, Hewlett-Packard also offers FOSSBazaar, a forum and resource center for governance issues.
The Internet teems with FOSS resources, the most useful of which are often user forums or IRC channels maintained by a project or business. Although newcomers to FOSS are often suspicious of these resources, in practice these forums are quicker to respond than most paid technical support. Often, they produce a reply in a matter of minutes. Your main problem will not be lack of an answer, but getting so many that you have to sort through and evaluate them.
For small to medium sized businesses, especially ones whose officers have technical expertise, these online resources are more than enough. However, larger companies, or public ones that need to answer to a board of directors, will probably prefer a more formal paid service. There may be no practical reason for this preference other than tradition, but it is widespread all the same.
However, if paid services are your preference, that makes your selection of FOSS easier. You will probably want to avoid community-based software, such as Debian GNU/Linux, which rely on online services, and focus instead on such choices as Red Hat Enterprise Linux, which offer the sort of services with which you are most comfortable.
The same is true of training and certification, although in addition to software distributors, you might also consider independent training companies such as the Linux Professional Institute and CompTIA.
Whether you realize the fact or not, when you introduce FOSS into your business, you are entering into a relationship with the community that builds it. Moreover, your reputation within this community can be as crucial to your success as your relationships with formal business partners. You might want to think of your community relationships as public relations under a different name.
Even though FOSS developers often work for large corporations these days, much of the community remains suspicious of the motivations of any company involved with FOSS. For this reason, alleviation of this suspicion should be one of your first goals. Do not, for example, make the mistake of thinking that you can use FOSS for your own ends and not give anything back -- not only does the FOSS community consist of deeply intelligent people, but its members have seen such efforts at manipulation many times before.
Another way to ensure good relations with the community is to demonstrate that your company supports community ideals. The best way to demonstrate this support is to contribute free code, but almost as good is to imitate Google and sponsor events that aid the community, such as development sprints or conferences. Even the donation of a few thousand dollars is welcome in projects that are often short of funds.
By contrast, you want to avoid imitating Xara, the popular graphics editor, which initially received enthusiastic support for releasing the code for the GNU/Linux version of its flagship product, only to damn itself in the eyes of the community by abruptly deciding to keep core functionality of its software proprietary. The company looked both manipulative and deceitful, and its move into the FOSS market failed.