NDIS Quality and Safeguards Commission: What Every Registered Provider Must Know

AuditCore Team · NDIS Compliance
22 May 2026 · 8 min read
The NDIS Quality and Safeguards Commission is the national regulator for NDIS providers. Understanding what it oversees, how it enforces compliance, and what triggers an audit is essential knowledge for every registered provider.

The NDIS Quality and Safeguards Commission (the Commission) is the independent Commonwealth regulator responsible for improving the quality and safety of NDIS supports and services across Australia. Every NDIS registered provider is accountable to the Commission, regardless of size, service type, or location.

Why It Matters

  • Protects people with disability from harm and poor-quality supports — the Commission exists to ensure participants receive safe, effective services
  • Promotes choice, inclusion and rights — regulatory oversight holds providers accountable to the rights of every participant
  • Ensures providers deliver safe, effective and respectful services through systematic monitoring and enforcement
  • Strengthens trust in the NDIS — consistent provider quality standards give participants and families confidence in the system

Who Does the Commission Regulate?

The Commission regulates all registered NDIS providers across Australia, including:

  • NDIS disability service providers of all sizes and service types
  • Mainstream providers delivering NDIS supports alongside other funded services
  • Providers of all sizes — from sole traders and small organisations to large national providers

The Commission's Core Functions

  • Set and uphold NDIS Practice Standards as the benchmark for quality service delivery
  • Register and renew NDIS providers — assessing their suitability to deliver supports
  • Monitor provider compliance through audits, data analysis, and complaints
  • Investigate complaints and risks raised by participants, families, workers, and the public
  • Take enforcement action when providers fail to meet their obligations
  • Promote quality, safety and continuous improvement across the NDIS sector

What Every Registered Provider Must Know

| Area | What You Must Do |
|---|---|
| 1 — Registration Requirements | Meet identity and suitability requirements, comply with NDIS Practice Standards, have appropriate systems, policies and processes, and pay registration fees on time |
| 2 — NDIS Practice Standards | Comply with the NDIS Practice Standards at all times: Rights and Responsibilities, Participation and Inclusion, Outcomes, Feedback, Service Access, Service Management, and Human Resources |
| 3 — Monitoring and Assessment | The Commission monitors providers through data, reports, audits and visits using a risk-based approach to focus on quality and safeguarding risks — providers must complete all requested audits and assessments |
| 4 — Complaints and Reports | Anyone can make a complaint about an NDIS provider; providers must manage complaints effectively and ensure serious incidents are reported through the NDIS Reportable Incident Scheme |
| 5 — Enforcement Actions | If a provider does not comply, the Commission can issue compliance notices, registration conditions, fines, suspension, or cancellation of registration |
| 6 — Continuous Improvement | Providers are expected to embed quality and safety in their culture, learn from feedback and incidents, improve systems and practices, and deliver better outcomes for participants |

What Does the NDIS Commission Regulate?

The Commission has regulatory authority over all NDIS registered providers and, since July 2021, operates in all states and territories including Western Australia. Its remit covers:

  • Compliance with the NDIS Practice Standards
  • Compliance with the NDIS Code of Conduct
  • Registration and renewal of NDIS providers
  • Worker screening and the NDIS Worker Screening Check
  • Reportable incident notifications and investigation
  • Restrictive practices authorisation and reporting
  • Behaviour support regulation
  • Complaints about NDIS providers and workers

Your Six Key Obligations as a Registered Provider

| Obligation | What It Means in Practice |
|---|---|
| Comply with the Standards | Understand and meet all NDIS Practice Standards at all times — not just during audit periods |
| Deliver Safe and Quality Supports | Ensure supports are person-centred, safe, effective and respectful in every interaction |
| Manage Risks and Incidents | Identify risks, take action to reduce them and report serious incidents within required timeframes |
| Keep Accurate Records | Maintain complete, accurate and up-to-date records to demonstrate compliance at any time |
| Engage and Listen to Participants | Seek feedback, respond to concerns and involve participants in decisions about their own supports |
| Support Your Workforce | Ensure workers are suitably screened, trained and supported to deliver quality care |

The NDIS Practice Standards

The NDIS Practice Standards form the benchmark against which all registered providers are assessed. There are four core modules that all providers must meet, plus supplementary modules that apply based on registration groups:

  • Module 1 (S1): Rights and Responsibilities
  • Module 2 (S2): Governance and Operational Management
  • Module 3 (S3): Provision of Supports
  • Module 4 (S4): Support Provision Environment
  • Supplementary: High Intensity Daily Personal Activities
  • Supplementary: Specialist Behaviour Support
  • Supplementary: Implementing Behaviour Support Plans
  • Supplementary: Early Childhood Supports

AuditCore's Internal Audit AI maps your documentation and processes directly to each NDIS Practice Standard, identifying gaps before auditors do.

NDIS Code of Conduct

The NDIS Code of Conduct applies to all NDIS providers and their workers. It sets out seven obligations:

  • Act with respect for individual rights to freedom of expression, self-determination, and decision-making
  • Respect the privacy of people with disability
  • Provide supports and services in a safe and competent manner
  • Act with integrity, honesty, and transparency
  • Promptly take steps to raise and act on concerns about matters that may impact the quality and safety of supports
  • Take all reasonable steps to prevent and respond to all forms of violence, exploitation, neglect, and abuse
  • Take all reasonable steps to prevent and respond to sexual misconduct

Provider Registration and Renewal

To become an NDIS registered provider, organisations must apply through the Commission's myplace provider portal and undergo an approved quality audit. The registration pathway depends on the services you deliver:

  • Verification pathway: For lower-risk supports (e.g., assistance with daily life, community participation). Involves a self-assessment against Modules 1 and 2 of the Practice Standards.
  • Certification pathway: For higher-risk supports (e.g., specialist behaviour support, SIL, high intensity daily personal activities). Requires a full audit by a Commission-approved Quality Auditor.

Registration is not permanent. Providers must renew every three years, which triggers another audit cycle. The Commission can also conduct unannounced audits at any time if it has concerns about compliance.

What Triggers a Commission Investigation?

The Commission can initiate compliance action based on:

  • Reportable incident notifications — when a notification triggers concern about systemic issues
  • Complaints from participants, families, or staff
  • Information from other government agencies (e.g., NDIS Agency, state child protection, police)
  • Mandatory reports from approved behaviour support practitioners
  • Media reports or public interest disclosures
  • Random or targeted compliance audits

Reportable Incidents and the 5-Day Rule

Registered NDIS providers are legally required to notify the Commission of reportable incidents involving NDIS participants. The notification must be made within 24 hours of becoming aware of a reportable incident if it involves death, abuse, neglect, or exploitation. Non-urgent incidents must be notified within 5 business days. Failure to notify is a civil penalty offence.

AuditCore automatically logs incidents, calculates your notification deadline, and generates the Commission-compliant notification template — so you never miss a reporting obligation.

Restrictive Practices Oversight

The Commission has specific oversight powers over the use of regulated restrictive practices with NDIS participants. Providers must: obtain state/territory authorisation before using any regulated restrictive practice; ensure a behaviour support plan is in place; report the use of restrictive practices to the Commission monthly; and work toward reducing and eliminating restrictive practices over time.

Commission Enforcement Powers

If the Commission finds a provider is non-compliant, it has a range of enforcement tools including: compliance notices requiring specific actions; banning orders preventing individuals from providing NDIS supports; infringement notices (civil penalties); suspension or cancellation of registration; and referral to the Australian Federal Police or state police for criminal matters.

Common Risks the Commission Looks For

  • Poor record keeping — missing, incomplete or inaccessible documentation is flagged in almost every compliance review
  • Inadequate risk management — no risk register, outdated risks, or risks without mitigation actions
  • Workers not suitably screened or trained — expired NDIS Worker Screening Checks or inadequate induction records
  • Failure to report incidents — late or missing reportable incident notifications trigger automatic Commission attention
  • Ignoring complaints or feedback — complaints not logged, responded to, or resolved demonstrate systemic failure
  • Participant rights not upheld — evidence of coercion, lack of choice, or dignity failures is taken very seriously
  • Lack of policies or poor implementation — having policies that do not match actual practice is as problematic as having no policies

Tips for Staying Commission-Compliant

  • Know the NDIS Practice Standards inside and out — not just the headlines but the quality indicators your auditor will check
  • Keep policies and procedures current and accessible — outdated documentation is one of the most common audit findings
  • Train and support your staff regularly — workers who understand their obligations deliver better and safer supports
  • Monitor quality and safety performance continuously — not just before an audit
  • Encourage feedback and act on it — a responsive complaints system is evidence of a healthy organisation
  • Report incidents and complaints on time — timeliness is a compliance requirement, not an aspiration
  • Prepare for audits and site visits as an ongoing activity — continuous readiness eliminates pre-audit panic
  • Embed a culture of quality and safeguarding — compliance is not a checkbox; it is how you run your organisation

How to Stay Commission-Compliant

Consistent compliance with the Commission's requirements comes down to systematic processes rather than pre-audit scrambles. Providers who maintain continuous compliance share these practices:

  • Documented policies and procedures reviewed annually
  • All incidents reported within required timeframes with full documentation
  • Worker screening records current for every staff member and contractor
  • Behaviour support plans in place before any restrictive practice is used
  • Regular internal audits against the Practice Standards — at minimum annually
  • A complaints register with documented responses and resolutions
  • Governance structures that give the board visibility over compliance status

AuditCore's Policy Library stores all your compliance policies, tracks review dates, and sends alerts when policies are due for review — so you're never caught with outdated documentation.

How AuditCore Helps You Stay Commission-Ready

AuditCore helps registered NDIS providers manage compliance, quality and safeguarding with confidence.

The Big Picture: The NDIS Commission's goal is simple — safe, high-quality supports that empower people with disability to live the life they choose. Your compliance makes a difference. Quality builds trust.

  • Compliance monitoring — real-time visibility of your compliance position across all Practice Standards
  • Risk and incident management — automated reporting timelines, escalation alerts, and Commission notification templates
  • Policy and document management — policy library with review dates, version control, and gap analysis
  • Staff training and screening — worker compliance dashboard tracking induction, training, and screening check status
  • Reports and dashboards — audit-ready reports and live compliance scores for governance oversight
  • Alerts and reminders — automated notifications for every compliance deadline, review date, and expiry
