Is a complaints management policy mandatory for all NDIS providers?

Yes, for all registered NDIS providers. A complaints management and resolution system is a mandatory requirement under the NDIS Practice Standards Core Module, which applies to every registered provider regardless of size or support type. Unregistered providers are still subject to the NDIS Code of Conduct, which requires them to handle concerns appropriately.

What happens if an NDIS provider does not have a complaints policy?

A missing or inadequate complaints management policy will likely be recorded as a non-conformance during a quality audit. Depending on severity, this can delay or prevent registration renewal, result in conditions of registration requiring remediation, or trigger a compliance notice from the NDIS Quality and Safeguards Commission.

Does my complaints policy need to mention the NDIS Quality and Safeguards Commission?

Yes. Your complaints policy and participant-facing documentation must clearly inform participants and their representatives of their right to escalate a complaint to the NDIS Quality and Safeguards Commission. Contact details for the Commission should be included so participants can exercise this right without needing to seek the information themselves.

How often should an NDIS complaints management policy be reviewed?

The NDIS Practice Standards require providers to maintain a system that remains current and fit for purpose. Most providers conduct a formal review at least annually, and additionally whenever there is a significant change to the NDIS Practice Standards, a pattern of complaints suggests a systemic issue, or a serious incident triggers a policy review. Evidence of reviews should be retained for audit purposes.

Can participants make a verbal complaint, or must it be in writing?

Participants must be able to make complaints both verbally and in writing. Your policy must accommodate participants with different communication needs, including those who require an advocate, interpreter, or alternative format. Restricting complaints to a written form only is inconsistent with the NDIS Practice Standards accessibility requirements.

What is the difference between a complaint and a reportable incident under the NDIS?

A complaint is a concern or expression of dissatisfaction raised by a participant, family member, advocate, or other party about the quality or safety of supports. A reportable incident is a defined event — such as abuse, neglect, unlawful use of restraint, or an unexpected death — that must be notified to the NDIS Commission within regulated timeframes. Some matters can be both a complaint and a reportable incident simultaneously, and your procedures should address how to manage that overlap.

Do you need an NDIS complaints management policy? Provider requirements

Who must have an NDIS complaints management policy?

Every registered NDIS provider is required to have a complaints management and resolution system in place. This is not optional — it is a mandatory element of the NDIS Practice Standards, which form the benchmarks against which all registered providers are assessed during quality audits.

The obligation applies regardless of the size of your organisation. Whether you employ two support workers or two hundred, if you hold NDIS registration, you must be able to demonstrate a functional, documented complaints system. The requirement sits within the Core Module of the Practice Standards, meaning it applies to every registered provider category — including those delivering Supported Independent Living (SIL), Specialist Disability Accommodation (SDA), Support Coordination, and all other registered support types.

Unregistered providers are not directly assessed against the Practice Standards, but they are still subject to the NDIS Code of Conduct. The Code requires all NDIS providers — registered or not — to take reasonable steps to act with integrity, honesty, and transparency, including responding appropriately when participants raise concerns. In practice, this means unregistered providers should also maintain a documented complaints process, even if it is simpler than what a registered provider needs.

What the NDIS Practice Standards actually require

The Practice Standards specify that a registered provider must have a system for managing and resolving complaints that is accessible, responsive, and fair. The standards address both the process for handling complaints and the culture around them — participants must be able to raise concerns without fear of negative consequences.

Key requirements include:

A clearly documented policy and procedure that staff, participants, and their representatives can access
A process for acknowledging complaints promptly and keeping complainants informed of progress
Mechanisms for participants to raise complaints verbally or in writing, with support available for those who need assistance to do so
A fair and objective investigation process that separates complaint investigation from any staff member who is the subject of the complaint
A clear escalation pathway, including informing participants of their right to escalate to the NDIS Quality and Safeguards Commission
A process for recording, tracking, and reviewing complaints over time to identify systemic issues
Evidence that complaints outcomes and learnings are used to drive continuous improvement

The strengthened framework introduced progressively from 2024 onwards places even greater emphasis on participant voice and safeguarding. Providers seeking registration or renewal under the strengthened Practice Standards must demonstrate that their complaints system is not merely a paper exercise — auditors will look for evidence that the policy is actually used, that staff understand it, and that participants know how to access it.

What your complaints management policy must contain

A compliant policy is not a one-page statement. It should be a working document that staff can follow without ambiguity. At minimum, your policy and associated procedures should address the following elements:

Purpose and scope — who the policy applies to (staff, contractors, participants, families, advocates) and what types of concerns it covers
Definitions — what constitutes a complaint versus a general enquiry, a reportable incident, or a quality improvement suggestion
How to make a complaint — phone, email, in writing, in person, via an advocate or representative; accessible formats for participants with communication needs
Roles and responsibilities — who is responsible for receiving, logging, investigating, and resolving complaints; who the escalation point is
Timeframes — how quickly complaints are acknowledged and resolved (your policy should set internal timeframes that meet or exceed community expectations)
Confidentiality provisions — how you protect the identity of complainants where requested and how you manage conflicts of interest
Investigation process — the steps taken to assess the complaint, gather information, and reach a fair outcome
Outcomes and communication — how you notify complainants of the outcome and any actions taken
External escalation — explicit reference to the NDIS Quality and Safeguards Commission as the external complaints body, with contact details
Record-keeping — how complaints are logged, stored, and reviewed; retention period in line with your state or territory requirements
Continuous improvement — how complaint data is analysed and used to improve services

Consequences of not having a compliant policy

The NDIS Quality and Safeguards Commission has a range of powers to respond to providers who fail to meet the Practice Standards. If a quality auditor identifies that your complaints management system is absent, inadequate, or not being used in practice, this will likely be recorded as a non-conformance. Depending on severity, non-conformances can:

Delay or prevent registration renewal
Trigger a conditions of registration that requires you to remediate and provide evidence within a fixed period
Result in a compliance notice, banning order, or — in serious cases — cancellation of registration
Prompt investigation of related concerns such as restrictive practice use or reportable incident handling

Beyond regulatory consequences, an absent or dysfunctional complaints policy creates real risk for participants. The intent of the NDIS Commission's complaints framework is to ensure that people with disability have a genuine avenue to raise concerns and receive a fair response. Providers who treat this as a paperwork obligation rather than a genuine safeguarding mechanism are more likely to face escalated complaints — and participants and their advocates are increasingly well-informed about the Commission's role.

Common non-conformances seen during audits

Quality auditors regularly identify the following gaps in SIL and disability support provider complaints systems:

A policy that exists on paper but has not been reviewed or updated to reflect the current Practice Standards
Staff who are unaware of the complaints procedure or unsure of their role in it
No accessible format available for participants with cognitive or communication disabilities
Complaints registers that are incomplete or not reviewed at a governance level
No evidence that complaint learnings have fed back into service improvement
Failure to inform complainants of their right to contact the NDIS Commission
Conflicts of interest in investigation — the person being complained about also manages the complaint

Aligning your policy with the strengthened Practice Standards

The NDIS Commission has been progressively implementing the Strengthened NDIS Practice Standards as part of the broader reforms arising from the NDIS Review and the Royal Commission into Violence, Abuse, Neglect and Exploitation of People with Disability. For SIL providers in particular, the strengthened standards place heightened obligations around safeguarding, participant choice and control, and evidence of active risk management.

Under the strengthened framework, your complaints management policy should be read alongside your:

Incident management and reportable incidents policy (mandatory reporting to the Commission)
Restrictive practices authorisation and monitoring procedures (where applicable)
Risk management framework
Worker screening and code of conduct training records

The Commission expects to see these systems operating in an integrated way, not as siloed documents that exist independently of each other. An auditor may trace a single complaint from intake through to outcome and then check whether it triggered an incident report, whether a review of staff practice occurred, and whether the outcome was communicated to the participant — all as part of a single audit activity.

Practical steps to get your policy audit-ready

Review the current NDIS Practice Standards Core Module to confirm your policy addresses every specified requirement
Check that your policy has been updated to reflect any Commission guidance issued in 2024 or 2025
Test your policy by walking through a hypothetical complaint — can a new staff member follow it without extra guidance?
Confirm that participant-facing documentation (welcome packs, support agreements) references the complaints process in plain English
Ensure your complaints register is in use and that trends are reviewed at least annually at a governance level
Train all staff — including support workers, not just managers — on the complaints procedure as part of induction and ongoing professional development
Document your review cycle and keep evidence of previous reviews in case an auditor asks

If you are building your compliance documentation from scratch or preparing for a certification audit, ndiscompliant.com.au offers a 74-document audit-ready SIL compliance kit that includes a fully drafted complaints management policy and procedure, along with the supporting registers and templates quality auditors expect to see.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.