diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment.md b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment.md index abdfcdedaf..c91f18311c 100644 --- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment.md +++ b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment.md @@ -56,8 +56,4 @@ Because the {% data variables.product.prodname_secret_risk_assessment %} report ## Next steps -Now that you know about the {% data variables.product.prodname_secret_risk_assessment %} report, you may want to learn how to: - -* Generate the report to see your organization risk. Navigate to {% data reusables.security-overview.navigate-to-risk-assessment %}. -* Interpret the results of the report. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results). -* Enable {% data variables.product.prodname_GH_secret_protection %} to improve your secret leak footprint. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/choosing-github-secret-protection#enabling-secret-protection). +To start analyzing your organization's secret risk, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk). 
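Review bot: The rewritten "Next steps" in about-secret-risk-assessment.md drops two of the three original pointers, including the one to `/choosing-github-secret-protection#enabling-secret-protection`, and keeps only the link to `assess-your-secret-risk`. The new assess page's own "Next steps" links only to interpreting results, so within this PR the "enable Secret Protection" step is no longer linked from the conceptual page or the how-to. Suggest keeping a second bullet here, e.g. `* Enable {% data variables.product.prodname_GH_secret_protection %} ... See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/choosing-github-secret-protection#enabling-secret-protection).`, or adding that link at the end of the interpretation tutorial if that is where the flow is meant to finish.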
diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk.md b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk.md new file mode 100644 index 0000000000..5891d34fe4 --- /dev/null +++ b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk.md 
@@ -0,0 +1,42 @@ +--- +title: 'Running the secret risk assessment for your organization' +shortTitle: 'Assess your secret risk' +intro: 'Determine your organization''s exposure to leaked secrets by generating a {% data variables.product.prodname_secret_risk_assessment %} report.' +product: '{% data reusables.gated-features.secret-risk-assessment-report %}' +permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}' +type: how_to +versions: + feature: secret-risk-assessment +topics: + - Code Security + - Secret scanning + - Secret Protection + - Organizations + - Security +--- + +## Generating an initial {% data variables.product.prodname_secret_risk_assessment %} + +{% data reusables.organizations.navigate-to-org %} +{% data reusables.organizations.security-overview %} +{% data reusables.security-overview.open-assessments-view %} +{% data reusables.security-overview.generate-secret-risk-assessment-report %} + + {% data reusables.secret-risk-assessment.notification-report-ready %} + +## Rerunning the {% data variables.product.prodname_secret_risk_assessment %} + +> [!NOTE] +> You can only generate a secret risk assessment report once every 90 days. + +{% data reusables.organizations.navigate-to-org %} +{% data reusables.organizations.security-overview %} +{% data reusables.security-overview.open-assessments-view %} +1. Towards the top right side of the existing report, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}. +1. Select **Rerun scan**. + + {% data reusables.secret-risk-assessment.notification-report-ready %} + +## Next steps + +Now that you've generated a {% data variables.product.prodname_secret_risk_assessment %} report for your organization, learn how to interpret the results. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results). 
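Review bot: The "Rerunning" section in assess-your-secret-risk.md hardcodes the cadence as `> You can only generate a secret risk assessment report once every 90 days.` instead of the `{% data reusables.security-overview.secret-risk-assessment-report-generation-cadence %}` reusable that the old viewing page used at the same spot, and it spells the product name literally rather than via `{% data variables.product.prodname_secret_risk_assessment %}`. If the reusable still exists, use it so the 90-day figure lives in one place; if it is being retired, delete it in this PR so it does not drift. Separately, the kebab step here uses `aria-label="The horizontal kebab icon"` while the same control in export-risk-report-csv.md uses `aria-label="More options"`; pick one label for the same menu.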
diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/export-risk-report-csv.md b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/export-risk-report-csv.md new file mode 100644 index 0000000000..6fdf4356f2 --- /dev/null +++ b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/export-risk-report-csv.md @@ -0,0 +1,25 @@ +--- +title: 'Exporting the secret risk assessment report to CSV' +shortTitle: 'Export risk report CSV' +intro: 'Export the {% data variables.product.prodname_secret_risk_assessment %} report to a CSV file for detailed investigation and stakeholder sharing.' +product: '{% data reusables.gated-features.secret-risk-assessment-report %}' +permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}' +type: how_to +versions: + feature: secret-risk-assessment +topics: + - Code Security + - Secret scanning + - Secret Protection + - Organizations + - Security +--- + +{% data reusables.organizations.navigate-to-org %} +{% data reusables.organizations.security-overview %} +{% data reusables.security-overview.open-assessments-view %} +1. Towards the top-right side of the report, select the {% octicon "kebab-horizontal" aria-label="More options" %} dropdown menu, then click {% octicon "download" aria-hidden="true" aria-label="download" %} **Download CSV**. + +## Next steps + +To better understand the fields of your CSV file, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/risk-report-csv-contents). diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/index.md b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/index.md index ec77bf0a72..9c133af6d4 100644 
--- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/index.md +++ b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/index.md @@ -12,7 +12,10 @@ topics: - Security children: - /about-secret-risk-assessment + - /assess-your-secret-risk - /viewing-the-secret-risk-assessment-report-for-your-organization + - /export-risk-report-csv + - /risk-report-csv-contents - /interpreting-secret-risk-assessment-results - /choosing-github-secret-protection - /calculating-the-cost-savings-of-push-protection diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results.md b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results.md index 881b7253df..90b87d4550 100644 --- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results.md +++ b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results.md 
@@ -23,7 +23,7 @@ In this tutorial, you'll interpret your secret risk assessment results, and lear ## Prerequisites -You must generate a {% data variables.product.prodname_secret_risk_assessment %} report and wait for the scan to complete. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization#generating-an-initial-secret-risk-assessment). +You must generate a {% data variables.product.prodname_secret_risk_assessment %} report and wait for the scan to complete. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk). ## Step 1: Understand your dashboard metrics @@ -71,7 +71,7 @@ If you see **many secrets of the same type** (for example, multiple AWS keys), t * Developers may not be using environment variables * Missing documentation on secret management -## Step 5: Prioritizing remediation and related actions +## Step 5: Prioritize remediation and related actions Now that you understand the metrics, prioritize remediation based on risk. diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/risk-report-csv-contents.md b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/risk-report-csv-contents.md new file mode 100644 index 0000000000..bd1cd26410 --- /dev/null +++ b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/risk-report-csv-contents.md 
@@ -0,0 +1,32 @@ +--- +title: 'Contents of the secret risk assessment report CSV' +shortTitle: 'Risk report CSV contents' +intro: 'Understand the data included in the CSV export of the {% data variables.product.prodname_secret_risk_assessment %} report.' +product: '{% data reusables.gated-features.secret-risk-assessment-report %}' +permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}' +type: reference +versions: + feature: secret-risk-assessment +topics: + - Code Security + - Secret scanning + - Secret Protection + - Organizations + - Security +--- + +The {% data variables.product.prodname_secret_risk_assessment %} report CSV file includes the following information: + +| CSV column | Name | Description | +| ---------- | ---------------------- | --------------------------------------------------------- | +| A | `Organization Name` | The name of the organization the secret was detected in | +| B | `Name` | The token name for the type of secret | +| C | `Slug` | The normalized string for the token. This corresponds to `Token` in the table of supported secrets. See [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets). 
| +| D | `Push Protected` | A `boolean` to indicate whether the secret would be detected and blocked by push protection if it were enabled | +| E | `Non-Provider Pattern` | A `boolean` to indicate whether the secret matched a non-provider pattern and would generate an alert if {% data variables.product.prodname_secret_scanning %} with non-provider patterns were enabled | +| F | `Secret Count` | An aggregate count of the active and inactive secrets found for the token type | +| G | `Repository Count` | An aggregate count of distinct repositories in which the secret type was found, including public, private,{% ifversion ghec or ghes %} internal,{% endif %} and archived repositories | + +## Next steps + +To learn which secrets you should prioritize for remediation, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results#step-5-prioritizing-remediation-and-related-actions). diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization.md b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization.md index 1da3a7007d..71ce15a8b4 100644 --- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization.md +++ b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization.md 
@@ -1,7 +1,7 @@ --- title: 'Viewing the secret risk assessment report for your organization' -shortTitle: 'View secret risk assessment' -intro: 'You can generate and view the {% data variables.product.prodname_secret_risk_assessment %} report for your organization from the "Security" tab.' +shortTitle: 'View risk report' +intro: 'Understand your organization''s exposure to leaked secrets at a glance by viewing your most recent {% data variables.product.prodname_secret_risk_assessment %} report.' product: '{% data reusables.gated-features.secret-risk-assessment-report %}' permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}' allowTitleToDifferFromFilename: true 
@@ -16,65 +16,6 @@ topics: - Security --- -{% data reusables.secret-risk-assessment.report-intro %} {% data reusables.secret-risk-assessment.link-conceptual-information %} - -You can generate the {% data variables.product.prodname_secret_risk_assessment %} report for your organization, review it, and export the results to CSV. - -## Generating an initial {% data variables.product.prodname_secret_risk_assessment %} - -{% data reusables.organizations.navigate-to-org %} -{% data reusables.organizations.security-overview %} -{% data reusables.security-overview.open-assessments-view %} -{% data reusables.security-overview.generate-secret-risk-assessment-report %} - -{% data reusables.secret-risk-assessment.notification-report-ready %} - -{% note %} - -Did you successfully generate the {% data variables.product.prodname_secret_risk_assessment %} report for your organization? - -Yes No - -{% endnote %} - -## Rerunning the {% data variables.product.prodname_secret_risk_assessment %} - -{% data reusables.security-overview.secret-risk-assessment-report-generation-cadence %} - -{% data reusables.organizations.navigate-to-org %} -{% data reusables.organizations.security-overview %} -{% data reusables.security-overview.open-assessments-view %} -1. Towards the top right side of the existing report, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}. -1. Select **Rerun scan**. - - {% data reusables.secret-risk-assessment.notification-report-ready %} - -## Viewing the {% data variables.product.prodname_secret_risk_assessment %} - {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.security-overview %} {% data reusables.security-overview.open-assessments-view %} You can see the most recent report on this page. 
- -## Exporting the {% data variables.product.prodname_secret_risk_assessment %} to CSV - -{% data reusables.organizations.navigate-to-org %} -{% data reusables.organizations.security-overview %} -{% data reusables.security-overview.open-assessments-view %} -1. Towards the top right side of the report, click {% octicon "kebab-horizontal" aria-label="More options" %}. -1. Select **Download CSV**. - -The {% data variables.product.prodname_secret_risk_assessment %} CSV file includes the following information. - -| CSV column | Name | Description | -| ---------- | ---------------------- | --------------------------------------------------------- | -| A | `Organization Name` | The name of the organization the secret was detected in | -| B | `Name` | The token name for the type of secret | -| C | `Slug` | The normalized string for the token. This corresponds to `Token` in the table of supported secrets. See [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets). | -| D | `Push Protected` | A `boolean` to indicate whether the secret would be detected and blocked by push protection if it were enabled | -| E | `Non-Provider Pattern` | A `boolean` to indicate whether the secret matched a non-provider pattern and would generate an alert if {% data variables.product.prodname_secret_scanning %} with non-provider patterns were enabled | -| F | `Secret Count` | An aggregate count of the active and inactive secrets found for the token type | -| G | `Repository Count` | An aggregate count of distinct repositories in which the secret type was found, including public, private,{% ifversion ghec or ghes %} internal{% endif %}, and archived repositories | - -## Next steps - -Now that you've generated {% data variables.product.prodname_secret_risk_assessment %} for your organization, learn how to interpret the results. 
See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results). diff --git a/data/reusables/gated-features/secret-risk-assessment-report.md b/data/reusables/gated-features/secret-risk-assessment-report.md index 35a39767d7..fe8a832637 100644 --- a/data/reusables/gated-features/secret-risk-assessment-report.md +++ b/data/reusables/gated-features/secret-risk-assessment-report.md @@ -1 +1 @@ -{% data variables.product.prodname_secret_risk_assessment_caps %} is available for free in organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} +Free for organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %}
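Review bot: The "Next steps" link in risk-report-csv-contents.md points at `#step-5-prioritizing-remediation-and-related-actions`, but this same PR renames that heading in interpreting-secret-risk-assessment-results.md from `## Step 5: Prioritizing remediation and related actions` to `## Step 5: Prioritize remediation and related actions`, so the generated fragment becomes `#step-5-prioritize-remediation-and-related-actions` and the link will land at the top of the page. Update the fragment to match the new heading (and check no other page links to the old one).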
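Review bot: In export-risk-report-csv.md the download octicon carries both `aria-hidden="true"` and `aria-label="download"`; `aria-hidden` removes the icon from the accessibility tree, so the label is never announced, and the adjacent bold text **Download CSV** already names the action. Drop the `aria-label` and keep `aria-hidden="true"`. The same step also merges "select the ... dropdown menu, then click" into one numbered step, whereas the rerun procedure in assess-your-secret-risk.md splits the identical menu into two steps (`click {% octicon "kebab-horizontal" ... %}` then `Select **Rerun scan**`); use one pattern for both.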
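Review bot: The body hunk in viewing-the-secret-risk-assessment-report-for-your-organization.md removes `{% data reusables.secret-risk-assessment.report-intro %} {% data reusables.secret-risk-assessment.link-conceptual-information %}` and the entire `## Next steps` section along with the content that moved to the new pages, leaving the page as three navigation reusables and the sentence "You can see the most recent report on this page." It now links to neither the conceptual article, the export how-to nor the interpretation tutorial, while each of the new pages in this PR ends with a "Next steps" section. Suggest keeping the `link-conceptual-information` reusable as the opening line and adding a "Next steps" pointing at `/export-risk-report-csv` and `/interpreting-secret-risk-assessment-results`. The comma fix in the relocated `Repository Count` row (`internal,{% endif %} and archived` replacing `internal{% endif %}, and archived`) is correct and was carried into risk-report-csv-contents.md.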
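Review bot: The gated-features reusable now reads `Free for organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %}` with no subject. That is fine in the `product:` frontmatter field where every page in this diff consumes it, but it reads as a fragment if any page includes the reusable inline in body text; grep for other uses of `gated-features/secret-risk-assessment-report` before merging, and consider ending the sentence with a period either way for consistency with a frontmatter value that is rendered as prose.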