A policy gap analysis compares your existing policy library against the full set of policies required by the NDIS Practice Standards. It identifies what you have, what you are missing, and what needs updating. AuditCore runs this analysis automatically against your policy register and produces a gap report you can act on immediately.
Why a Policy Gap Analysis Matters
- Ensures compliance with NDIS Practice Standards across all four standards
- Reduces audit findings and non-compliance before your auditor visits
- Protects participants and your organisation from foreseeable harm
- Demonstrates strong governance and due diligence to the NDIS Commission
What You Need Before You Start
- NDIS Practice Standards (all four standards and their quality indicators)
- NDIS (Incident Management and Reportable Incidents) Rules 2018
- NDIS Code of Conduct
- Relevant regulatory requirements and Commission guidance documents
- Your current policies and procedures — including version numbers and review dates
The 6-Step Policy Gap Analysis Process
- 1Define Scope — confirm which services, sites or teams are included in the analysis
- 2Gather Requirements — review NDIS Standards, laws, codes and Commission guidance
- 3List Your Current Policies — create an inventory of all existing policies and procedures with version and approval status
- 4Compare and Identify Gaps — compare your policies to the requirements and identify what is missing or weak
- 5Assess Risk and Prioritise — rate the risk of each gap and prioritise what to fix first
- 6Create an Action Plan — assign owners, set due dates and track gaps through to closure
Regular gap analysis helps you stay compliant as requirements and your services evolve. Review at least every 12 months or when changes occur.
NDIS Policy Gap Checklist: Mapped to S1–S4
| NDIS Standard | Example Policies | Common Gap Found | Risk Level | Action Required |
|---|---|---|---|---|
| S1: Rights and Responsibilities | Privacy and Confidentiality, Dignity of Risk, Feedback and Complaints, Human Rights | Dignity of Risk policy not found | HIGH | Develop policy and train staff |
| S2: Governance and Operational Management | Governance, Risk Management, Business Continuity, Records Management | Business Continuity plan not found | MEDIUM | Develop plan and policy |
| S3: Provision of Supports | Support Planning, Incident Management, Restrictive Practices, Complaints Management | Restrictive Practices policy is outdated | MEDIUM | Review and update policy |
| S4: Support Provision Environment | Infection Prevention, Emergency Management, Work Health and Safety, Environment of Care | Emergency Management policy missing | HIGH | Develop policy and test plan |
The Most Commonly Missing Policies
AuditCore's Policy Library maps your existing policies against every NDIS Practice Standard requirement — instantly showing which policies are missing, outdated, or incomplete.
Run a Policy Gap Analysis →After running gap analyses for NDIS providers across Australia, AuditCore consistently finds the same policies missing in organisations that have not completed a systematic review:
- Restrictive Practices Policy
- Incident Management Policy
- Feedback and Complaints Policy
- Business Continuity and Continuity of Supports Policy
- Emergency Management Policy
- Privacy and Confidentiality Policy
- Risk Management Policy
- Work Health and Safety Policy
- Whistle-blower Protection Policy
- LGBTQIA+ Inclusive Practice Policy
- Document Control Policy
- Cultural Safety Policy
Policies That Exist But Are Not Compliant
Having a policy is not enough if it does not reflect current requirements. The most common issues AuditCore finds in existing policies:
- References to repealed legislation or outdated NDIS Commission documents
- Complaints procedures that do not align with NDIS Commission timeframes
- Incident management policies that predate the Reportable Incidents Rules
- Privacy policies that do not address digital data and cloud storage
- Worker screening policies that do not reference the NDIS Worker Screening Act 2020
Every policy gap identified automatically creates a CI Register item — tracking the gap through to resolution with owner assignment and a due date.
See the CI Register →Tips for a Successful Gap Analysis
- Involve key stakeholders and subject matter experts — do not do it alone
- Use the NDIS Practice Standards as your baseline, not just your own judgement
- Keep an up-to-date policy register so you always know what you have
- Review at least every 12 months or when significant changes occur
- Document all decisions and retain evidence — this is what auditors look for
How AuditCore Runs the Gap Analysis
AuditCore maintains a master list of all policies required for NDIS registration — mapped to each Practice Standard indicator. When you upload or create policies in the platform, they are matched against this master list. The gap analysis dashboard shows you which required policies are present, which are missing, which are overdue for review, and which have currency issues. Before your audit, you run the gap analysis report and get a prioritised list of actions to take.
- Policy Register and Version Control — track every policy, version, review date and approval status
- Review Reminders and Alerts — never miss a policy review date again
- Gap Analysis Tools — instant visibility of missing and outdated policies mapped to Practice Standards
- Action Tracking and Assignment — assign gap remediation to owners with due dates
- Audit Evidence and Reporting — produce a complete gap analysis report ready for your auditor
- Real-time Insights and Dashboards — see your compliance status at a glance
Closing policy gaps now means fewer audit findings, better outcomes for participants, and a stronger, safer organisation. Don't wait for the audit to find the gaps — find them first.