Policy Management

How Often Do NDIS Policies Need to Be Reviewed? A Provider's Guide

AuditCore Team · NDIS Compliance · 10 May 2026 · 6 min read

An outdated policy is almost as bad as no policy at all. Here is what the NDIS Commission expects for policy review frequency and how AuditCore makes sure you never let a policy expire.

Policy management is not a set-and-forget activity. The NDIS Commission expects your policies to reflect your current practice, current legislation, and current NDIS Commission guidance. AuditCore tracks the review date of every policy in your library and sends alerts when reviews are due — so policies never quietly expire on a forgotten shared drive.

The Minimum Review Requirement

The NDIS Practice Standards do not specify an exact review frequency for every policy. However, auditors expect a minimum of annual review for most operational policies, and more frequent reviews for high-risk policies or those linked to regulatory requirements. "We haven't reviewed this since we set up" is a red flag for auditors.

Policies That Should Be Reviewed Annually

  • Incident management policy — especially if there have been incidents that revealed process gaps
  • Risk management policy — as part of your annual risk register review
  • Complaints management policy
  • Worker screening and HR policy
  • Privacy and information management policy
  • Code of conduct

Trigger-Based Reviews — When Annual Is Not Enough

Some events should trigger an immediate policy review regardless of when the last scheduled review occurred. AuditCore flags these trigger events and links them to the relevant policy for review.

  • NDIS Commission issues new or amended guidelines
  • A serious incident reveals a gap in your process
  • A complaint highlights a policy that does not reflect actual practice
  • A change in your registration or service types
  • A change in key legislation (Privacy Act, NDIS Act, state WHS laws)
  • A major organisational change — new CEO, significant structural change

What Auditors Check About Your Policies

  • Review date — is the policy current?
  • Approval record — who approved the review and when?
  • Version control — is there a clear version history?
  • Accessibility — can workers find and access the policy?
  • Currency — does the policy reference current legislation?
  • Practice alignment — does the policy reflect what your workers actually do?

How AuditCore Manages Policy Review

Every policy in AuditCore has a review date, a responsible owner, and an approval record. AuditCore sends review reminders at 60 days, 30 days, and 7 days before the review date. When the review is complete, you update the review date in AuditCore and the new date is locked in the version history. Your policy register always shows the current state of every policy — including which ones are overdue.
