Does my NDIS HR policy need to reference the Code of Conduct explicitly?

Yes. The NDIS Code of Conduct applies directly to workers and support providers, and your HR policy should demonstrate how your organisation enforces each of the seven Code elements. Auditors look for this alignment as evidence of genuine governance, not just a policy document on file.

Which workers need an NDIS Worker Screening Check, and must this be in the HR policy?

Workers in risk-assessed roles — including those who deliver direct supports to NDIS participants — must hold a valid NDIS Worker Screening clearance. Your HR policy should specify these roles by title, the pre-commencement requirement, and how the screening register is maintained and monitored.

How often should an NDIS HR policy be reviewed?

At minimum, annually. You should also review the policy promptly when the NDIS Commission updates the Practice Standards, the Code of Conduct, or associated rules. The 2026 strengthened framework introduced changes that require many providers to update policies that were compliant as recently as 2023.

What happens if our HR policy has gaps when we go to audit?

Gaps are typically recorded as non-conformances. Depending on severity, they may result in a requirement to submit a corrective action plan within a defined timeframe, or — under the strengthened 2026 framework — may affect the registration outcome if they indicate systemic governance weaknesses.

Does the HR policy need to address restrictive practices if we are a SIL provider?

Yes, if any regulated restrictive practices are used or may be used in your service. Your HR policy should confirm that only trained and authorised workers may implement such practices, cross-reference your behaviour support policy, and specify consequences for unauthorised implementation.

Can we use a single HR policy for multiple NDIS registration groups?

You can use a single overarching HR policy provided it addresses the specific obligations relevant to each registration group you hold, including any group-specific staffing qualifications, supervision requirements, or incident obligations. SIL-specific requirements — such as 24/7 support obligations and overnight staffing governance — must be explicitly covered.

Common Mistakes in an NDIS Human Resources Policy (2026 Guide)

Your HR policy is not a box-ticking formality — it is evidence that your organisation has the governance structures, workforce safeguards, and accountability mechanisms required under the NDIS Practice Standards. Quality auditors examine it closely, and under the strengthened 2026 registration framework, gaps that were previously flagged as minor can now contribute to conditional or refused registration outcomes.

The following seven mistakes are the most common non-conformances observed across SIL and disability support providers. Each one has a direct fix you can apply now.

Mistake 1: Treating the HR Policy as a Generic Workplace Document

Many providers download a generic HR template — one designed for mainstream employers — and make superficial edits before submitting it as NDIS-ready. The problem is that NDIS-registered providers have specific obligations that generic HR frameworks do not address: the NDIS Code of Conduct applies directly to workers, not just the organisation, and the HR policy must demonstrate how your organisation enforces those obligations at the individual worker level.

The fix: Structure your policy around the seven elements of the NDIS Code of Conduct. For each element (acting with respect, providing supports safely, preventing and responding to abuse and neglect, and so on), document the behavioural expectation, the training mechanism, and the consequence for breach.

Mistake 2: Omitting or Vaguely Describing Worker Screening Obligations

The NDIS Worker Screening Check is not optional for risk-assessed roles, and the HR policy must specify which roles require a clearance before the worker commences, what happens if a clearance is pending, and how the organisation maintains a live register of worker screening statuses. Many policies simply state "workers must hold appropriate checks" without defining the process, the responsible position, or the review cadence.

The fix: Include a dedicated Worker Screening section that lists risk-assessed roles by position title, sets the pre-commencement requirement, specifies what interim supervision applies if a check is in progress, and names the role responsible for maintaining the register. The policy must also address the obligation to report changes in a worker's screening status to the NDIS Commission.

Mistake 3: No Mandatory Reporting or Incident Notification Obligations for Workers

Provider incident management obligations under the NDIS Practice Standards are well understood at the governance level, but many HR policies fail to translate those obligations into clear worker-level duties. Workers need to know — in plain language — what constitutes a reportable incident, how to report internally, within what timeframe, and what happens if they fail to report. Leaving this out of the HR policy creates a gap between organisational obligation and individual worker awareness.

The fix: Cross-reference your incident management policy within the HR policy and include a summary of the worker's personal obligations. Confirm that all workers receive training on incident reporting at induction and at defined intervals thereafter, and document that training completion is recorded.

Mistake 4: Inadequate Handling of Restrictive Practices and Behaviour Support

If your SIL service involves any regulated restrictive practices, your HR policy must address how workers are authorised, trained, and supervised in relation to those practices. A common mistake is to assume the behaviour support policy covers this and to leave the HR policy silent. Auditors look for alignment between documents — the HR policy should reference worker authorisation requirements and make explicit that only trained and authorised workers may implement a regulated restrictive practice.

The fix: Add a clause that links your behaviour support and restrictive practices policies to HR governance. Specify that workers must complete recognised training before implementing any regulated restrictive practice, that records of that training are maintained, and that any worker who implements a restrictive practice without authorisation faces formal performance management.

Mistake 5: Inadequate Performance Management and Misconduct Framework

The NDIS Practice Standards require providers to have systems for managing the performance of their workforce. A policy that describes annual performance reviews but says nothing about how the organisation responds to conduct breaches — particularly those involving harm to participants — is not sufficient. Auditors look for a proportionate, documented process that links misconduct to the Code of Conduct, includes suspension provisions where participant safety is at risk, and ensures outcomes are recorded.

The fix: Include a tiered misconduct framework. Define minor misconduct, serious misconduct, and conduct that constitutes a potential breach of the Code of Conduct. Specify that conduct involving participant harm triggers immediate supervisory review, possible suspension, and mandatory consideration of whether a report to the NDIS Commission is required. Document how outcomes are recorded and how reinstatement decisions are made.

Mistake 6: No Policy on Disclosure Obligations and Conflict of Interest

SIL providers operate in environments where workers may have personal relationships with participants or their families, financial interests in competing services, or secondary employment that creates conflicts. An HR policy that does not address disclosure obligations leaves the organisation exposed. This is particularly relevant under the strengthened framework, which emphasises governance and transparency.

The fix: Include a conflict of interest and disclosure clause. Require workers to disclose relationships, financial interests, and secondary employment that may affect their objectivity or the participant's safety. Specify how disclosures are assessed and recorded, and what restrictions may apply.

Mistake 7: No Scheduled Review Cycle or Version Control

Submitting a policy with no review date, no version history, and no named owner is a common and avoidable finding. The NDIS Commission expects policies to be living documents that are reviewed at least annually — and promptly when legislative or regulatory changes occur. Under the 2026 strengthened framework, the pace of change in Practice Standards means that a policy last updated in 2023 may already be materially out of date.

The fix: Add a document control table to the front page of the policy. Record the version number, the date of last review, the date of next scheduled review, and the position responsible for maintaining the document. Establish an internal calendar reminder tied to the NDIS Commission's announcement cycle so that regulatory updates trigger a policy review within a defined period.

A Practical Review Checklist

Before submitting your HR policy for audit, confirm it addresses each of the following:

Alignment with all seven elements of the NDIS Code of Conduct
Worker screening obligations by position, including risk-assessed roles and the clearance register
Worker-level incident reporting obligations and timelines
Authorisation and training requirements for any regulated restrictive practices
A tiered misconduct and performance management framework linked to the Code of Conduct
Conflict of interest and disclosure obligations
Document control table with review dates and a named policy owner
Cross-references to your incident management, behaviour support, and complaints policies
Induction and ongoing training requirements, with records maintained
Supervision ratios and arrangements appropriate for the level of participant support needs

How This Connects to the Broader Compliance Picture

The HR policy does not stand alone. Auditors assess it alongside your incident management policy, your behaviour support documentation, your complaints management system, and your governance structure. A gap in one document creates inconsistency across the file, and inconsistency is what auditors flag as non-conformance.

For SIL providers building or refreshing their full documentation suite, ndiscompliant.com.au offers a 74-document audit-ready compliance kit specifically structured for SIL and disability support providers, covering all NDIS Practice Standards modules including the Strengthened Standards introduced from 2026.

Summary

The most common HR policy mistakes — generic templates, missing screening obligations, silent misconduct frameworks, no disclosure clauses, and no review cycle — are all fixable before your audit. Start with the Code of Conduct alignment check, add the worker screening and incident reporting sections, and make sure your document control table reflects a live, maintained policy rather than a one-time submission. That is the difference between a confident audit outcome and a corrective action finding.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.