Does our NDIS restrictive practices policy need to address state and territory authorisation?

Yes. Authorisation for regulated restrictive practices is a shared responsibility between the NDIS Commission and the relevant state or territory authority. Requirements differ by jurisdiction, so providers operating across multiple states must ensure their policy or associated procedures reflect those differences and assign clear responsibility for confirming authorisation before implementation.

How often should a SIL provider review its restrictive practices policy?

Your policy should include a documented review schedule — at minimum annually. An out-of-cycle review is also required following regulatory changes (such as updates to the NDIS Practice Standards or Commission rules), a significant incident involving restrictive practices, or a finding from an approved quality auditor.

What mandatory reporting obligations apply to restrictive practices?

Registered NDIS providers must report certain uses of regulated restrictive practices to the NDIS Commission within specified timeframes. The policy should name who is responsible for submitting reports, what events trigger reporting, and how reports are recorded against the relevant participant file. Vague references to 'reporting as required' are not sufficient for audit purposes.

Can staff implement a regulated restrictive practice without a behaviour support plan?

No. Under NDIS rules, regulated restrictive practices must be underpinned by a behaviour support plan prepared by a registered behaviour support practitioner and authorised by the relevant state or territory authority. Implementing a restrictive practice without this in place is a serious compliance breach that the NDIS Commission can take regulatory action over.

What happens if our restrictive practices policy has gaps when an auditor visits?

An approved quality auditor who identifies policy gaps will typically raise a non-conformance finding. Depending on the severity and number of findings, this can result in conditions being placed on your registration, a requirement to submit a corrective action plan, or — in serious cases — suspension or cancellation of your NDIS registration.

Common Mistakes in an NDIS Restrictive Practices Policy

Q: What are the five types of regulated restrictive practices under the NDIS?

The NDIS (Restrictive Practices and Behaviour Support) Rules 2018 define five categories: chemical restraint, mechanical restraint, physical restraint, seclusion, and environmental restraint. A compliant NDIS restrictive practices policy must address all five, even if your service does not currently use certain types.

A restrictive practices policy is one of the most scrutinised documents an NDIS registered provider can hold. For SIL (Supported Independent Living) providers, the stakes are particularly high: restrictive practices intersect directly with human rights, safeguarding obligations, and the NDIS Practice Standards. With the strengthened 2026 registration and practice standards framework tightening requirements further, many providers are discovering — often during an approved quality auditor visit — that their existing policy contains significant gaps.

This article identifies the seven most common mistakes found in NDIS restrictive practices policies and provides practical guidance on how to fix each one before your next audit.

Why Your Restrictive Practices Policy Matters

Under the NDIS (Restrictive Practices and Behaviour Support) Rules 2018, NDIS registered providers who implement regulated restrictive practices must meet specific obligations — including obtaining authorisation, reporting to the NDIS Commission, and ensuring every use is underpinned by a behaviour support plan prepared by a registered behaviour support practitioner. The NDIS Commission monitors compliance and can take regulatory action, including issuing compliance notices or suspending registration, where providers fall short.

A policy that looks complete on paper but contains any of the errors below will not hold up under an auditor's scrutiny.

Mistake 1: Using a Generic Template Without Participant-Specific Linkage

Many providers download or purchase a one-size-fits-all restrictive practices policy and file it without adapting it to their service context. The critical problem: a restrictive practices policy must articulate how your organisation links each instance of a regulated restrictive practice to an individual participant's NDIS behaviour support plan. A policy that speaks only in generalities — "we will follow all relevant guidelines" — gives auditors nothing to assess.

The fix: Ensure your policy includes a clear procedural section explaining how behaviour support plans are obtained, stored, reviewed, and actioned at the individual level. Reference the role of the registered behaviour support practitioner and specify the internal process for obtaining written consent and state/territory authorisation before any regulated restrictive practice is implemented.

Mistake 2: Omitting the Full List of Regulated Restrictive Practice Types

The NDIS Rules define five categories of regulated restrictive practices: chemical restraint, mechanical restraint, physical restraint, seclusion, and environmental restraint. Providers frequently address one or two of these (commonly physical restraint) while leaving others absent from the policy entirely.

The fix: Structure your policy to address each of the five categories individually. Even if your service does not currently use certain types, your policy should explicitly state this and include a procedure for what would occur if that situation arose. Auditors look for evidence that your organisation has considered the full scope of its obligations, not just the scenarios it encounters daily.

Mistake 3: Failing to Reflect State and Territory Authorisation Requirements

Authorisation for regulated restrictive practices is a shared responsibility between the NDIS Commission and state or territory authorities. The specific authorisation body and process differs depending on where your participants are located. Providers operating across multiple jurisdictions — common in SIL — often write a single national policy that glosses over these jurisdictional differences.

The fix: Your policy must acknowledge that authorisation requirements vary by jurisdiction and either incorporate a jurisdiction-specific schedule or reference a separate procedure document that covers each state or territory in which you operate. Describe clearly who within your organisation holds responsibility for confirming that the correct authorisation has been obtained before a practice is implemented.

Mistake 4: Inadequate Mandatory Reporting Obligations

Registered providers are required to report certain uses of regulated restrictive practices to the NDIS Commission within defined timeframes. A common policy error is either omitting reporting obligations entirely or describing them so vaguely — "we will report as required" — that staff have no operational guidance.

The fix: Your policy should specify:

Which types of events or uses of restrictive practices trigger a mandatory report to the NDIS Commission
The timeframe within which that report must be submitted
Who within your organisation is responsible for completing and submitting the report
How reports are recorded internally and linked to the relevant participant file

Cross-reference this section with your incident management policy to avoid duplication errors and ensure consistency across your document suite.

Mistake 5: No Evidence of Staff Training Requirements

The NDIS Practice Standards require providers to ensure workers are trained and competent in the supports they deliver. For restrictive practices, this means workers who implement regulated practices must be trained in the relevant behaviour support plan, the specific practice being used, and their human rights obligations. Many policies say workers "will be trained" without specifying what training, by whom, or how compliance is verified.

The fix: Include a dedicated training section in your policy that outlines:

The minimum training requirements for staff who may implement regulated restrictive practices
How training is recorded and how currency is maintained
The process for inducting new staff before they work with participants who have behaviour support plans involving restrictive practices
Supervision and competency-verification requirements

Mistake 6: Treating the Policy as a Set-and-Forget Document

NDIS Commission requirements, state authorisation frameworks, and the Practice Standards are not static. The strengthened framework introduced as part of the 2026 mandatory registration changes includes updated expectations around behaviour support, restrictive practices governance, and provider oversight. Providers who last reviewed their restrictive practices policy several years ago — or who have no documented review cycle — are almost certainly out of date.

The fix: Your policy must include a review schedule. Specify who is responsible for triggering a review, under what circumstances an out-of-cycle review is required (for example, following a regulatory change or a significant incident), and how updates are communicated to staff and reflected in participant-facing documents.

Mistake 7: Disconnection from Your Incident Management and Complaints Processes

A restrictive practices policy does not operate in isolation. Every incident involving the use of a regulated restrictive practice — particularly any use that results in harm or is outside the parameters of an authorised behaviour support plan — must feed into your incident management system and, where applicable, your reportable incidents process. Similarly, participants and their families must be aware of how to raise concerns about the use of restrictive practices.

The fix: Explicitly cross-reference your incident management policy, your complaints management policy, and your behaviour support plan review procedures within your restrictive practices policy. Describe the pathway a concern or incident follows from initial identification through to resolution and learning. Auditors assess whether your document suite forms a coherent, integrated system — not just a collection of standalone policies.

A Practical Self-Audit Before Your Next Review

Before submitting to an approved quality auditor, run your restrictive practices policy against this checklist:

Does it define all five categories of regulated restrictive practices?
Does it explain how individual behaviour support plans are linked to practice authorisation?
Does it address state and territory authorisation differences?
Does it specify mandatory reporting timeframes, responsibilities, and processes?
Does it set out staff training and competency requirements?
Does it include a documented review cycle?
Does it cross-reference incident management, complaints, and behaviour support plan review procedures?

If you cannot answer yes to each of these, your policy has a gap that is likely to generate a non-conformance finding.

Getting Your Document Suite Audit-Ready

For SIL providers managing the complexity of the strengthened 2026 framework alongside the demands of day-to-day service delivery, building a compliant restrictive practices policy from scratch — and ensuring it sits correctly within a broader document suite — is a significant undertaking. The ndiscompliant.com.au 74-document audit-ready SIL compliance kit includes a structured restrictive practices policy template aligned to current NDIS Commission requirements, along with the supporting incident management, behaviour support, and complaints procedures it needs to cross-reference.

Regardless of the approach you take, the most important step is to treat your restrictive practices policy as a living, operational document rather than a compliance formality. The NDIS Commission's expectations are clear: providers must demonstrate genuine governance of restrictive practices, not merely the existence of paperwork.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.