Essential NDIS Compliance Policies: The Complete Checklist for Registered Providers

AuditCore Team · NDIS Compliance
22 May 2026 · 9 min read
Auditors review your policy library before almost anything else. Policies that are missing, out of date, or that do not reflect your actual practices are one of the most common sources of non-conformances. This checklist covers every policy you need.

The NDIS Practice Standards do not prescribe an exact list of policies, but auditors assess whether your policies and procedures demonstrate how you meet each standard in practice. A policy that exists on paper but does not reflect what your workers actually do is a liability, not an asset. This checklist covers the policies auditors expect to see and what each must address.

Governance and Management Policies (Practice Standard 2)

  • Risk Management Policy — how your organisation identifies, assesses, and manages operational and compliance risks
  • Complaints and Feedback Policy — how participants and others can raise complaints, timeframes for response, escalation pathways, and how outcomes are communicated
  • Incident Management Policy — definition of a reportable incident, notification responsibilities and timeframes, investigation process, and corrective action
  • Continuous Improvement Policy — how your organisation uses data from audits, incidents, and complaints to improve
  • Conflict of Interest Policy — how conflicts are identified, disclosed, and managed
  • Privacy and Confidentiality Policy — how participant and worker information is collected, stored, accessed, and disposed of
  • Financial Management Policy — financial controls, authorisation limits, fraud prevention
  • Governance Policy — board roles and responsibilities, meeting requirements, oversight of management

AuditCore's Policy Library stores all your policies with version history, review dates, and staff acknowledgement records — ensuring every policy is current and every worker has confirmed they have read it.

Rights and Responsibilities Policies (Practice Standard 1)

  • NDIS Code of Conduct Policy — your organisation's obligations under the Code and how breaches are managed
  • Participant Rights Policy — how you uphold participant rights including the right to make choices, access information, and raise concerns
  • Dignity and Respect Policy — zero tolerance for abuse, neglect, and exploitation, with definitions and reporting obligations
  • Informed Consent Policy — how consent is obtained, documented, and reviewed for all supports
  • Advocacy and Decision-Making Support Policy — how you support participants to exercise decision-making and access advocacy
  • Cultural Safety Policy — how services are delivered in a culturally safe and responsive way

Support Delivery Policies (Practice Standard 3)

  • Service Agreement Policy — how service agreements are developed, explained, and reviewed with participants
  • Support Planning Policy — how individual support plans are developed, implemented, monitored, and reviewed
  • Person-Centred Practice Policy — how your organisation delivers supports based on individual goals and preferences
  • Transition and Exit Policy — how supports transition between providers, how services are ended, and how handover documentation is managed
  • Medication Management Policy (if applicable) — storage, administration, documentation, and error reporting for medications

Environment and Safety Policies (Practice Standard 4)

  • Work Health and Safety Policy — obligations under WHS legislation, risk identification, incident reporting, and worker responsibilities
  • Emergency Management Policy — emergency procedures for each service location, evacuation plans, and training requirements
  • Infection Control Policy — standard precautions, PPE requirements, outbreak management
  • Food Safety Policy (if applicable) — safe food handling for meal preparation supports
  • Vehicle Safety Policy (if applicable) — driver requirements, vehicle maintenance, participant transport protocols

Worker Management Policies

  • Recruitment and Selection Policy — NDIS Worker Screening Check requirements, reference checking, working with vulnerable people checks
  • Induction Policy — what must be covered before a worker begins, documentation requirements, sign-off process
  • Supervision and Performance Management Policy — supervision frequency, format, documentation, and performance review process
  • Training and Professional Development Policy — mandatory training requirements, currency expectations, funding support
  • Code of Conduct — specific to your organisation, reflecting the NDIS Code of Conduct and your organisational values
  • Disciplinary and Dismissal Policy — how performance and conduct issues are managed, natural justice obligations
  • Whistleblower Policy — how workers can raise concerns without fear of retaliation

Behaviour Support and Restrictive Practices Policies (if applicable)

  • Behaviour Support Policy — approach to positive behaviour support, role of behaviour support practitioners, documentation requirements
  • Restrictive Practices Policy — types of restrictive practices, authorisation requirements, reporting obligations, reduction goals
  • Prohibited Practices Policy — explicit statement of practices that are never permitted regardless of circumstances

Policy Review Requirements

Having policies is not sufficient — they must be current. NDIS auditors check:

  • When was the policy last reviewed? Policies not reviewed in the past 12 months are flagged.
  • Does the policy reflect current legislation and NDIS Commission guidelines?
  • Has the policy been reviewed in response to incidents, complaints, or regulatory changes?
  • Are workers able to access policies — is the location documented and are workers aware of it?
  • Is there evidence workers have read key policies — signed acknowledgements or training completion records?

Policy Review Schedule

Best practice is to review all policies annually as a minimum. High-risk policy areas — incident management, restrictive practices, behaviour support — should be reviewed after every significant incident in those areas, regardless of when the annual review is due. Build your policy review schedule into your continuous improvement calendar.
