Security policy is a configuration in JSON format, that is attached to a group, in order to `instruct` how AquilaX scanner and engine needs to behave.
You can imagine this as a set of configuration mapped into a file. Each organization can have one or multiple groups, and each group have one configuration (Security policy) defined.