Who needs an NDIS behaviour support policy?
Not every NDIS provider carries the same obligations when it comes to behaviour support, but the threshold is lower than many assume. Under the NDIS (Restrictive Practices and Behaviour Support) Rules 2018 and the broader NDIS Practice Standards, a registered provider must have a documented behaviour support policy if any of the following apply:
- Your organisation implements a behaviour support plan (BSP) on behalf of a participant — even occasionally.
- Your workers use, or are authorised to use, a regulated restrictive practice (including physical restraint, mechanical restraint, environmental restraint, chemical restraint, or seclusion).
- You operate supports where challenging behaviour or complex needs are reasonably foreseeable, such as Supported Independent Living (SIL), Specialist Disability Accommodation (SDA) with on-site support, or group-based day programs.
- You employ or engage behaviour support practitioners whose work you are required to oversee.
Unregistered providers operating under the NDIS are not subject to the same mandatory compliance requirements, but registered providers in the above situations have no discretion — the policy is compulsory, and its absence is a non-conformance finding at audit.
Why the policy matters: the legal and regulatory backdrop
The NDIS Quality and Safeguards Commission enforces the NDIS Practice Standards, which include a dedicated core module on Behaviour Support. This module requires providers to demonstrate, through documented systems and observable practice, that they:
- Promote the rights, dignity, and autonomy of participants at all times.
- Implement behaviour support in a way that is evidence-based, trauma-informed, and least-restrictive.
- Reduce and, wherever possible, eliminate the use of regulated restrictive practices over time.
- Ensure workers are trained, supervised, and supported to implement BSPs correctly.
- Report any use of regulated restrictive practices to the NDIS Commission within the required timeframes.
The NDIS Code of Conduct also requires all workers and providers to support the provision of safe, high-quality supports. A behaviour support policy is the organisational instrument that operationalises those obligations for your specific service context.
From 2026, the strengthened NDIS Practice Standards framework increases scrutiny on providers' documented systems. Approved quality auditors are expected to assess not just whether a policy exists, but whether it is actively embedded in practice, reviewed regularly, and genuinely understood by frontline workers.
What your behaviour support policy must cover
The NDIS Commission does not prescribe a single mandated template, but audit evidence and the Practice Standards make clear what auditors expect to see. A compliant behaviour support policy should address the following areas:
1. Statement of commitment and rights
An explicit statement that your organisation is committed to positive behaviour support, to upholding the human rights of every participant, and to working toward the elimination of restrictive practices.
2. Scope and applicability
Clarity on which service lines, participant cohorts, and geographic locations the policy applies to. For SIL providers, this typically means all supported accommodation sites and any in-community supports delivered to the same participants.
3. Roles and responsibilities
A clear allocation of responsibility for behaviour support across your organisation — from the board or executive level through to team leaders and direct support workers. This should identify who is responsible for coordinating with registered behaviour support practitioners, who authorises restrictive practice use, and who monitors compliance.
4. Positive behaviour support approach
A description of your organisation's approach to understanding the function of behaviour and how you build individual-level supports. This should reference proactive strategies, environment modification, skill-building, and the importance of working collaboratively with participants, their families, and support networks.
5. Restrictive practices governance
Detailed procedures for how your organisation authorises, implements, monitors, and reviews any regulated restrictive practice. This must include how your state or territory's authorisation requirements are met (noting that authorisation pathways differ between jurisdictions), and how you ensure that no restrictive practice is used without a current, NDIS Commission-lodged behaviour support plan.
6. Reporting and incident management
How your organisation identifies, records, and reports the use of restrictive practices to the NDIS Commission as required by the Rules. This section should link to your broader incident management policy and clarify the specific notification obligations for restrictive practice use, including the relevant timeframes.
7. Training and workforce capability
Your expectations for worker training in behaviour support, including initial induction requirements, ongoing professional development, and how workers are supported to implement BSPs with fidelity. The policy should note the distinction between implementing a BSP (a worker function) and developing a BSP (a practitioner function), as conflating these is a common audit finding.
8. Review and continuous improvement
How often the policy is reviewed (annually is standard practice), who is responsible for the review, and how data from incidents, restrictive practice usage, and participant feedback informs improvements over time.
Common gaps that auditors find
Based on the audit requirements published by the NDIS Commission, these are the areas where providers most frequently fall short:
| Gap | Why it matters |
|---|---|
| Policy exists but workers have not read or been trained on it | A policy that is not embedded in practice carries no evidential weight at audit |
| No link between the policy and the actual BSPs on file | Auditors look for coherence between your documented system and individual participant plans |
| Restrictive practice procedures do not reflect jurisdictional authorisation requirements | Each state and territory has its own authorisation pathway — a generic national template may not be compliant in your operating jurisdiction |
| Policy has not been reviewed in more than 12 months | The strengthened standards expect evidence of active governance, not set-and-forget documents |
| No escalation pathway documented when a BSP is absent or out of date | Workers must know what to do when a participant presents with a behaviour of concern and there is no current BSP in place |
Practical steps to build or review your policy
- Map your service context. Identify every service line where behaviour support obligations apply. For SIL providers, this includes after-hours and on-call scenarios, not just scheduled support shifts.
- Review the Practice Standards Behaviour Support module. Read the quality indicators directly from the NDIS Commission website so your policy language aligns with the audit criteria.
- Check jurisdictional authorisation requirements. Contact your state or territory's authorisation body (for example, the Senior Practitioner in Victoria or the relevant authority in your state) to ensure your restrictive practice governance procedures match local law.
- Consult your behaviour support practitioners. If you engage external practitioners, ensure the policy accurately reflects the collaborative process between your organisation and the practitioner — particularly around plan implementation, fidelity monitoring, and reporting.
- Integrate the policy into worker induction and ongoing training. Document how and when workers receive training on the policy, and retain records of completion.
- Set a review calendar. Schedule an annual policy review and assign a named role to own it. Include a review trigger for any significant regulatory change, incident, or audit finding.
- Cross-reference your incident and complaints procedures. Ensure the behaviour support policy does not create inconsistencies with related policies already in your document management system.
Consequences of non-compliance
The NDIS Commission has broad powers under the NDIS Act 2013 to respond to non-compliance. For providers without adequate behaviour support policies, or where policies exist on paper but are not implemented in practice, consequences can include a formal non-conformance finding at audit, a compliance notice, conditions placed on registration, civil penalties, or — in serious cases involving harm — suspension or banning orders against the organisation or individual workers.
For SIL providers in particular, the Commission has signalled that behaviour support governance is an area of heightened focus in the 2026 registration renewal cycle, given the vulnerability of participants living in supported accommodation settings.
Where to get compliant documentation
Building a behaviour support policy from scratch that aligns with the Practice Standards, the Rules, and your jurisdiction's authorisation requirements is a significant undertaking. If you are reviewing your organisation's compliance document suite more broadly, ndiscompliant.com.au offers a 74-document audit-ready SIL compliance kit that includes a behaviour support policy template aligned to the current NDIS Commission requirements, alongside your incident management, complaints, restrictive practice reporting, and governance documents — designed to work together as a coherent system rather than isolated files.
Regardless of whether you use a template or draft your own, the critical requirement is that your policy reflects your actual operating context, is understood by your workforce, and is actively maintained over time.
Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.