The NDIS Practice Standards include supplementary modules that apply to providers delivering specific high-risk support types. The modules covering specialist behaviour support, implementing behaviour support plans, and the use of regulated restrictive practices represent the highest-risk compliance area in the NDIS framework. Non-compliance here has led to registration cancellations, banning orders, and criminal referrals.
Practice Standard 5 at a Glance
| Area | Provider Obligation | This Includes |
|---|---|---|
| Critical Incidents | Providers must prevent, respond to, report and learn from critical incidents | Responding promptly and effectively; notifying the NDIS Commission within 5 days; providing support to participants and others affected; learning from incidents to prevent recurrence |
| Restrictive Practices | Providers must ensure restrictive practices are used only as a last resort and in line with the law | Assessing risks and exploring alternatives; using the least restrictive option; only authorised, trained workers; monitoring, recording and reviewing all restrictive practices |
Our commitment: We uphold the rights, dignity and safety of participants in everything we do.
What Is a Critical Incident?
A critical incident is an event that has, or could reasonably be expected to have, a severe impact on the health, safety or well-being of a participant. Providers must have systems to prevent, respond to, report, and learn from every critical incident.
- Death of a participant
- Serious injury to a participant
- Abuse or neglect of a participant
- Unauthorised use of a restrictive practice
- Missing person — a participant whose whereabouts are unknown
- Sexual misconduct involving a participant
- Suicide attempt by a participant
- Serious illness requiring emergency medical care
The Four-Step Reporting Process
| Step | Action | What This Means |
|---|---|---|
| 1 — Respond | Take immediate action to ensure safety and provide appropriate support | Ensure the participant and others involved are safe; call emergency services if required; provide immediate support and first aid |
| 2 — Notify | Notify the NDIS Commission within 5 days of becoming aware of the incident | Submit the reportable incident notification through the Commission portal — within 24 hours for death, abuse, neglect, or exploitation |
| 3 — Document | Keep accurate records of the incident, actions taken and outcomes | Record what happened, who was involved, immediate actions, follow-up actions, and participant response — in detail |
| 4 — Review & Improve | Analyse incidents to identify trends and implement preventative actions | Conduct a root cause analysis, update procedures if needed, and document the learnings in your CI Register |
Who Does Practice Standard 5 Apply To?
Three supplementary modules govern this area and apply based on registration groups:
- Specialist Behaviour Support module: Applies to providers registered to deliver specialist behaviour support — typically behaviour support practitioners who develop behaviour support plans.
- Implementing Behaviour Support Plans module: Applies to providers who implement the strategies in a behaviour support plan, including using regulated restrictive practices. Most disability service providers fall into this category.
- High Intensity Daily Personal Activities module: Applies to providers delivering complex bowel care, tracheostomy care, ventilator management, and similar high-intensity supports.
Regulated Restrictive Practices: The Five Types
The NDIS framework defines five types of regulated restrictive practices:
- Seclusion: Confining a person alone in a room or area they cannot freely leave
- Chemical restraint: Using medication to influence behaviour (not prescribed for a medical condition)
- Mechanical restraint: Using devices to restrict movement (e.g., lap belts, mittens)
- Physical restraint: Bodily force to restrict movement
- Environmental restraint: Restricting access to specific objects or locations
Each of these requires specific authorisation under the relevant state or territory legislation before use. The NDIS Commission does not provide that authorisation — it is issued by state guardianship tribunals or equivalent bodies. The Commission's role is to monitor reporting compliance and ensure providers are working toward reduction and elimination.
AuditCore's Behaviour Support module tracks restrictive practice authorisations, monitors reporting obligations, and alerts you when monthly reports to the Commission are due.
See Behaviour Support →Restrictive Practices: Six Key Requirements
| Requirement | What Providers Must Do |
|---|---|
| Risk Assessment | Identify risks to the participant or others and consider positive behaviour support and alternative strategies before any restrictive practice is considered |
| Last Resort | Restrictive practices are used only when all other options are ineffective or inappropriate — never as a first response or for convenience |
| Authorised and Trained Workers | Only workers who are authorised and trained in restrictive practices can use them — unauthorised use is a reportable incident |
| Least Restrictive | Use the least restrictive option that is safe and effective for the shortest time possible — always seek to reduce and eliminate |
| Monitor and Document | Monitor the practice, document each use and the participant's response every time — accurate documentation is a legal requirement |
| Review Regularly | Review the plan, risk assessment and use of restrictive practices regularly — at minimum annually and whenever circumstances change |
What Providers Must Have in Place
Before Using Any Restrictive Practice
- State/territory authorisation obtained (or emergency authorisation for unplanned use)
- A current behaviour support plan developed by an NDIS-registered behaviour support practitioner
- Evidence that the restrictive practice is the least restrictive option available
- Worker training on the specific plan and how to implement it safely
- Documented consent from the participant or their authorised representative
Ongoing Obligations
- Monthly reporting to the NDIS Commission on all regulated restrictive practice use via the Commission portal
- Regular review of the behaviour support plan (at minimum annually, or when circumstances change)
- Documentation of every instance of restrictive practice use — time, duration, reason, worker, outcome
- A reduction plan with measurable goals toward eliminating the restrictive practice
- Incident reporting where any restrictive practice use results in injury or distress
Documentation Must Include for Every Use
- Reason for using the restrictive practice on this occasion
- Type of restrictive practice used
- Date, time and duration of use
- People involved — participant, workers, anyone else present
- Behaviour observed and participant response during and after
- Strategies used and their effectiveness
- Any injury or concern that arose
- Review date and outcome of the review
The Legal Framework
- Respects the rights and dignity of the participant at all times
- Promotes choice and control — restrictive practices must never override a participant's rights unnecessarily
- Ensures cultural safety — practices must be appropriate to the participant's cultural context
- Seeks to prevent harm — the primary purpose is always participant safety, not staff convenience
- Supports positive behaviour and inclusion as the goal of any behaviour support plan
- Complies with the NDIS Act 2013, the NDIS (Restrictive Practices and Behaviour Support) Rules 2018 and relevant state/territory laws
Participant Rights Under Practice Standard 5
Participants have the right to be safe, to be treated with respect, and to live free from abuse, neglect and unnecessary restriction. Providers must involve participants and their representatives in all decisions and reviews relating to restrictive practices — their voice is not optional, it is a legal requirement.
Critical Incident Obligations for High-Risk Supports
For providers delivering specialist supports, critical incidents carry heightened reporting obligations. A critical incident in the context of behaviour support includes:
- Any injury sustained during the use of a restrictive practice
- Unplanned or emergency use of a restrictive practice
- A participant seriously harming themselves or others
- A near-miss where injury was narrowly avoided
- Significant property damage associated with a behavioural incident
- Police involvement in a behavioural incident
These incidents must be notified to the Commission within 24 hours (same-day notification for death or serious injury). The incident notification must include the nature of the incident, the supports being provided at the time, immediate actions taken, and the planned follow-up.
Behaviour Support Plans: Minimum Requirements
A compliant behaviour support plan must be developed by an NDIS-registered behaviour support practitioner and include:
- A functional behaviour assessment identifying triggers and functions of behaviour
- Person-centred goals that reflect the participant's wishes
- Proactive strategies — environmental modifications, communication supports, skill-building activities
- Reactive strategies — what staff should do when behaviour of concern occurs
- Details of any regulated restrictive practices including authorisation references
- A reduction plan with specific, measurable timelines for reducing restrictive practice use
- Crisis and emergency protocols
- Evidence of the participant's and their support network's involvement in developing the plan
AuditCore's Document Generation module includes behaviour support plan templates pre-mapped to Commission requirements, so practitioners can produce compliant plans faster.
See Document Generation →The 5-Step Compliance Process
- 1Prevent — Assess risks, promote well-being and use positive behaviour support strategies before any restrictive practice becomes necessary
- 2Respond — Act quickly to ensure safety and provide appropriate support to everyone involved when an incident or restrictive practice use occurs
- 3Notify and Report — Notify the NDIS Commission within 5 days and inform all relevant parties in line with your incident management policy
- 4Record and Review — Document accurately and review incidents and restrictive practice use regularly to identify patterns and improvement opportunities
- 5Learn and Improve — Implement actions from learnings to continually improve safety and quality, and update the behaviour support plan accordingly
Common Risks to Avoid
- Failing to report critical incidents within the required 5-day timeframe — this is a civil penalty offence
- Using restrictive practices without authorisation or without trained workers — both are reportable incidents
- Not documenting restrictive practice use accurately or completely — incomplete records are an audit finding
- Not considering alternatives to restrictive practices — last resort must be demonstrable, not just stated
- Not reviewing and learning from incidents — a pattern of unremedied incidents can trigger Commission investigation
- Not involving participants in planning and reviews — this is a legal requirement, not a recommendation
What Practice Standard 5 Compliance Means for Your Service
- Safer participants and workers — robust systems reduce the frequency and severity of critical incidents
- Stronger systems and governance — S5 compliance requires documentation and oversight that strengthen your whole organisation
- Better outcomes and continuous improvement — learning from incidents drives genuine quality improvement
- Regulatory compliance — documented, auditable evidence of compliance protects your registration
- Greater confidence from participants, families, and stakeholders — transparent, rights-respecting practice builds trust
Common Audit Failures in This Area
The NDIS Commission's compliance reports consistently identify these failures in audits of providers implementing behaviour support plans:
- Restrictive practices being used without current state/territory authorisation
- Monthly Commission reports not submitted, or submitted late
- Behaviour support plans not reviewed when there is a significant change in the participant's circumstances
- Workers implementing restrictive practices with no training or without reading the behaviour support plan
- Incident reporting not linked to restrictive practice use — incidents recorded but not flagged for Commission notification
- No reduction plan or reduction plan with no measurable progress
How AuditCore Manages These Obligations
AuditCore's Behaviour Support module creates a single source of truth for every participant who has a behaviour support plan involving restrictive practices. Each plan is linked to its authorisation documents, reporting schedule, and incident history. The system generates monthly Commission report reminders and flags plans that are overdue for review. Workers can access their assigned plans with training records attached, so there is always documented evidence of competency.
- Policy and procedure management — all behaviour support policies stored, reviewed and version-controlled
- Staff compliance tracking — worker authorisation, training records, and plan access all in one place
- Incident tracking and reporting — critical incidents logged with countdown to Commission notification deadline
- Document management — behaviour support plans, authorisations, and review records linked and retrievable
- Audit and compliance monitoring — real-time S5 compliance score with gap identification
- Alerts and reminders — automated notifications for monthly Commission reports, plan reviews, and authorisation renewals