Policy management is not a set-and-forget activity. The NDIS Commission expects your policies to reflect your current practice, current legislation, and current NDIS Commission guidance. AuditCore tracks the review date of every policy in your library and sends alerts when reviews are due — so policies never quietly expire on a forgotten shared drive.
Why Policy Reviews Matter
- Maintain compliance with NDIS requirements and Practice Standards
- Ensure policies reflect current laws, standards and Commission guidance
- Improve service quality and consistency across your organisation
- Reduce risk and support a culture of continuous improvement
- Prepare for NDIS audits with confidence — auditors check review dates
The NDIS Requirement
The NDIS Practice Standards require providers to have effective governance and risk management systems, including regularly reviewing and updating policies and procedures. There is no one-size-fits-all timeframe in the standards — reviews must be regular, systematic and documented. Auditors expect a minimum of annual review for most operational policies, and more frequent reviews for high-risk policies or those linked to regulatory requirements.
How Often Should You Review Each Policy?
| Policy Category | Minimum Review Frequency | Review Triggers (Review Earlier If...) | Examples |
|---|---|---|---|
| High Risk – Participant Safety and Wellbeing | Every 12 months (or sooner if changes occur) | Incident or serious event; Change in legislation or standards; New risks identified; Changes to service delivery | Incident Management, Safeguarding, Restrictive Practices, Behaviour Support |
| Workforce Management | Every 12 months | Changes in employment law; Award or pay rate changes; Role or organisational changes; Complaints or issues identified | Code of Conduct, Recruitment, Supervision, Training |
| Governance and Compliance | Every 12 months | Changes in legislation or guidelines; NDIS Commission updates; Audit findings; Organisational changes | Governance, Risk Management, Privacy and Confidentiality, Complaints Management |
| Operational Policies | Every 12 months | Changes to processes or systems; New technology or tools; Feedback from staff or participants; Audit or quality review findings | Service Delivery, Medication Management, Transport, Record Keeping |
| Low Risk / Administrative | Every 24 months | Minor updates in process; Forms or templates updated; Routine continuous improvement | Document Control, Communication, Meeting Procedures |
| NDIS Information and Factsheets | Every 6–12 months | NDIS updates; Changes to pricing or processes; New resources released | Participant Information, Fees and Charges, Service Agreements (templates) |
If a policy is triggered for early review, review it as soon as practicable and update your records.
Policies That Should Be Reviewed Annually
AuditCore's Policy Library automatically schedules policy review dates and sends reminders when policies are due — so your documents are always current for your next audit.
See the Policy Library →- Incident management policy — especially if there have been incidents that revealed process gaps
- Risk management policy — as part of your annual risk register review
- Complaints management policy
- Worker screening and HR policy
- Privacy and information management policy
- Code of conduct
Trigger-Based Reviews — When Annual Is Not Enough
Some events should trigger an immediate policy review regardless of when the last scheduled review occurred. AuditCore flags these trigger events and links them to the relevant policy for review.
- NDIS Commission issues new or amended guidelines
- A serious incident reveals a gap in your process
- A complaint highlights a policy that does not reflect actual practice
- A change in your registration or service types
- A change in key legislation (Privacy Act, NDIS Act, state WHS laws)
- A major organisational change — new CEO, significant structural change
What Auditors Check About Your Policies
- Review date — is the policy current?
- Approval record — who approved the review and when?
- Version control — is there a clear version history?
- Accessibility — can workers find and access the policy?
- Currency — does the policy reference current legislation?
- Practice alignment — does the policy reflect what your workers actually do?
Policy Review Checklist
- Set review frequency for each policy based on risk level
- Identify review triggers relevant to each policy
- Assign a named person responsible for conducting each review
- Conduct the review and check for legislative currency
- Update policy content and increment the version number
- Record the review date and set the next review date
- Obtain approval for the updated policy from the appropriate authority
- Communicate changes to relevant staff
- Store and manage the current version in a centralised, accessible location
- Monitor and improve continuously — use audit findings and incidents to inform reviews
Best Practice Tips
- Create a policy register with review dates and named owners
- Use automated reminders to stay on track — do not rely on memory
- Document each review and any changes made in the version history
- Involve relevant staff and stakeholders in the review process
- Keep policies clear, practical and accessible to frontline workers
How AuditCore Manages Policy Review
Every policy in AuditCore has a review date, a responsible owner, and an approval record. AuditCore sends review reminders at 60 days, 30 days, and 7 days before the review date. When the review is complete, you update the review date in AuditCore and the new date is locked in the version history. Your policy register always shows the current state of every policy — including which ones are overdue.
- Automated Review Reminders — never miss a policy review date again
- Version Control and History — every change is tracked and timestamped
- Assign Owners and Approvals — named responsibility for every policy
- Centralised Policy Library — all policies in one accessible place
- Reports for Audits and Insights — demonstrate systematic review to your auditor
Review your policies at least every 12 months, or sooner if there are changes that impact your services or obligations. Regular reviews demonstrate effective governance, reduce risk and support better outcomes for participants.