A security policy can have multiple versions. Only one version, called the published version, is active at any one time.
When you change the published version of a policy, a Sandbox version is created. The published version remains active until you publish the Sandbox version, at which time it becomes active as the new published version. All old versions are retained until you delete them.
For information about publishing different versions of a policy, see Section 15.0, Publishing Policies.