Policies define the overall settings for data security scanning. They determine what you are looking for, where you are looking for it, and how you want to handle any findings.