Why Your Code of Conduct Policy Is a High-Risk Document
Every registered NDIS provider must have a Code of Conduct policy that reflects the obligations set out under the NDIS (Code of Conduct) Rules 2018. For Supported Independent Living (SIL) and other disability-support providers, this document is not a formality — it is one of the first things an approved quality auditor examines. It also underpins your workers' day-to-day conduct obligations, your complaints management framework, and your response to incidents involving participants.
With the strengthened NDIS Practice Standards taking effect for new and renewing registrations, auditors are applying sharper scrutiny to policy substance, not just policy existence. The mistakes below represent the most frequently cited non-conformances identified by practitioners and compliance consultants working in the SIL sector.
Mistake 1: Copying a Generic Template and Changing Only the Logo
Using an off-the-shelf template is not inherently wrong, but many providers submit policies that retain placeholder text, refer to services they do not deliver, or use language that does not match their registration groups. An auditor will look for specificity: does the policy reflect your workforce structure, your participant cohort, and the particular risks in a SIL environment (including shared living, personal care, and overnight supports)?
The fix: Customise every section to reflect your organisation's context. Describe the conduct expectations that apply to your specific support workers, including casual and agency staff. Reference the environments in which your workers operate — SIL homes, community access, and any shared-care arrangements with other providers.
Mistake 2: Failing to List All Seven Code of Conduct Obligations
The NDIS Code of Conduct imposes seven core obligations on both providers and their workers. A common policy error is paraphrasing these obligations loosely, merging them, or omitting one entirely — most often the obligation to take reasonable steps to prevent and respond to violence, exploitation, neglect, and abuse, or the obligation to take all reasonable steps to raise concerns about unsafe or unethical conduct.
The fix: State each obligation explicitly. The seven duties are:
- Act with respect for individual rights to freedom of expression, self-determination, and decision-making.
- Respect the privacy of people with disability.
- Provide supports and services in a safe and competent manner with care and skill.
- Act with integrity, honesty, and transparency.
- Promptly take steps to raise and act on concerns about matters that may impact the quality and safety of supports.
- Take all reasonable steps to prevent and respond to all forms of violence against, and exploitation, neglect, and abuse of, people with disability.
- Take all reasonable steps to prevent sexual misconduct.
Cross-reference each obligation to a practical example of conduct expected in your organisation. Do not rely on the participant to infer what each obligation means in practice.
Mistake 3: Treating the Code of Conduct as a Stand-Alone Document
A Code of Conduct policy that has no visible links to your complaints management procedure, incident management system, worker screening framework, or whistleblower protections is structurally incomplete. Auditors examine your policy suite as an integrated system. If a participant or worker cannot trace the path from a conduct concern to a reportable incident or a formal complaint, your policy has failed a key test.
The fix: Insert explicit cross-references. For example: "Workers who observe a potential breach of this Code must report the concern in accordance with the organisation's Incident Management Procedure [reference document name and version]. Concerns may also be raised through the Complaints Management Procedure or directly with the NDIS Commission." Include the NDIS Commission's contact details and the process for making a complaint about a worker or provider.
Mistake 4: No Consequences Framework for Breaches
A policy that describes desirable conduct but says nothing about what happens when conduct falls short is not a compliance document — it is an aspiration statement. Auditors look for a clear articulation of how alleged breaches are investigated, what interim measures may be taken to protect participants, and what disciplinary outcomes may follow.
The fix: Include a dedicated section on breach management. Describe the investigation process (who conducts it, what confidentiality applies, and how affected participants are supported during the process). Confirm that outcomes range from additional training through to termination, and that serious conduct may be referred to the NDIS Commission, the police, or relevant state or territory authorities.
Mistake 5: Not Addressing Restrictive Practices in the Conduct Framework
For SIL providers in particular, the Code of Conduct policy must acknowledge the obligations that intersect with regulated restrictive practices. Workers must understand that any use of a restrictive practice outside an authorised behaviour support plan is a breach of conduct as well as a potential reportable incident. Many policies make no mention of this connection.
The fix: Add a section that explains the link between the Code of Conduct and the organisation's Behaviour Support Policy. State clearly that the use of unauthorised restrictive practices is a breach of conduct obligations and will be investigated and reported accordingly. Reference the requirement to notify the NDIS Commission of any use of a restrictive practice, including unplanned use.
Mistake 6: Omitting Worker Screening and Ongoing Suitability Obligations
The Code of Conduct applies to all workers — including volunteers, students on placement, and contractors engaged through labour-hire arrangements. Many policies specify the conduct obligations but fail to state that all personnel in risk-assessed roles must hold a current NDIS Worker Screening clearance, and that a clearance does not negate the conduct obligations.
The fix: State explicitly which roles require NDIS Worker Screening clearances under your registration. Clarify that conduct obligations apply regardless of employment status or the nature of the engagement, and that the organisation will take action — including restricting access to participants — where a worker's clearance lapses or is revoked.
Mistake 7: No Review Schedule or Version Control
A policy dated several years ago with no review history raises an immediate question during audit: has this organisation kept pace with changes to the NDIS Practice Standards and the Code of Conduct Rules? Version control and review scheduling are not bureaucratic niceties — they are evidence that your governance is active, not nominal.
The fix: Establish a minimum annual review cycle and record it in the policy footer or a document control table. After each review, update the version number, the review date, and the name of the approving officer. Ensure previous versions are archived and retrievable. Trigger an unscheduled review whenever the NDIS Commission issues new guidance, when a significant incident occurs, or when your registration groups change.
A Quick Self-Audit Checklist Before Your Next Registration
| Check | Status |
|---|---|
| All seven Code of Conduct obligations listed verbatim or equivalent | Yes / No / Partial |
| Policy tailored to your registration groups and service environment | Yes / No / Partial |
| Cross-references to complaints, incident, and whistleblower procedures | Yes / No / Partial |
| Breach investigation process and consequences described | Yes / No / Partial |
| Restrictive practices conduct obligations referenced | Yes / No / Partial |
| Worker screening obligations stated for all relevant roles | Yes / No / Partial |
| Annual review schedule and version control in place | Yes / No / Partial |
Getting Your Full Policy Suite Audit-Ready
The Code of Conduct policy does not stand alone. It anchors a wider suite of documents — incident management, complaints handling, behaviour support, worker screening, privacy, and more — that auditors assess as a coherent system. For SIL providers facing 2026 registration requirements, ndiscompliant.com.au offers a 74-document audit-ready SIL compliance kit that covers every Practice Standard module, pre-populated with NDIS Commission language and ready to be tailored to your organisation.
Regardless of where you source your documents, the critical point is that your Code of Conduct policy must be specific, integrated, current, and enforced. A document that ticks every formal box but is unknown to your workers or disconnected from your incident reporting system will not satisfy an auditor — and more importantly, it will not protect the participants in your care.
Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.