Is an emergency and disaster management plan mandatory for all NDIS registered providers?

Yes. All registered NDIS providers must have an emergency and disaster management plan as part of their obligations under the NDIS Practice Standards. The requirement applies regardless of the size of the organisation or the type of supports delivered.

What is the difference between an organisational emergency plan and an individual participant emergency plan?

An organisational plan addresses site-level risks, staff roles, communication protocols, and business continuity. An individual participant emergency plan (sometimes called a PEEP) documents the specific support needs, evacuation assistance, and communication requirements for a particular participant. SIL providers need both.

How often does an NDIS emergency and disaster management plan need to be reviewed?

The NDIS Practice Standards require providers to test and review their emergency management arrangements regularly. As a minimum, plans should be reviewed annually and updated following any actual emergency, significant incident, or change to the provider's premises, participant cohort, or staffing arrangements.

Can our emergency plan be a generic template, or does it need to be site-specific?

It must be specific. Approved quality auditors look for evidence that the plan reflects your actual geographic risks, premises layout, participant population, and staffing structure. A generic template that has not been adapted is a common source of non-conformances during registration audits.

Do emergency incidents need to be reported to the NDIS Commission?

Depending on what occurs during the emergency, yes. If a participant is injured, goes missing, experiences an unauthorised restrictive practice, or is involved in another reportable incident during an emergency, the provider must report to the Commission through the incident management system within the required timeframes under the NDIS Incident Management Rules.

What happens if a SIL provider fails an audit because of their emergency management plan?

A non-conformance against the Practice Standards can result in the Commission issuing a compliance notice, imposing conditions on registration, or in serious cases, suspending or cancelling the provider's registration. Providers are typically given an opportunity to remediate, but repeat or serious failures attract stronger enforcement action.

Do you need an NDIS emergency and disaster management plan? Provider requirements

Who needs an NDIS emergency and disaster management plan?

If you are a registered NDIS provider in Australia, you are required to have an emergency and disaster management plan. This obligation is not confined to large organisations or those delivering complex supports — it applies across the sector, including Supported Independent Living (SIL) providers, group homes, day programmes, and sole practitioners delivering regulated supports.

The requirement sits within the NDIS Practice Standards, which all registered providers must comply with as a condition of their registration. The Standards are enforced by the NDIS Quality and Safeguards Commission (the Commission). With the strengthened 2026 registration framework and revised Practice Standards now in effect, emergency and disaster preparedness has become a more prominent area of auditor scrutiny.

Why emergency planning is a mandatory requirement — not just good practice

People with disability are disproportionately affected by emergencies and disasters. Research and incident data consistently show that NDIS participants face heightened risks during fires, floods, heatwaves, pandemics, and power outages — particularly those in residential settings or who rely on specialist supports to meet daily needs.

The Commission's position is that providers have a duty of care to anticipate and plan for these risks. Emergency management obligations are embedded in the Practice Standards because reactive responses are not sufficient where participants may be unable to self-evacuate, may require medication, or depend on equipment that requires electricity or refrigeration.

Under the NDIS Code of Conduct, providers and their workers must act with care and skill and take reasonable steps to prevent harm. Failing to maintain an adequate emergency plan — and to train staff in it — can be treated as a breach of the Code of Conduct as well as a non-conformance against the Practice Standards.

Which Practice Standards apply?

Emergency and disaster management requirements appear across multiple parts of the NDIS Practice Standards framework:

Core Module — Provider Governance and Operational Management: Providers must have documented policies and procedures for emergency and disaster management, and must test and review them regularly.
High Intensity Daily Personal Activities (where applicable): Additional requirements apply where participants have complex health needs that create heightened risk during an emergency.
SIL and Group/Centre-based Supports: Residential and centre-based settings face the most detailed requirements, including individual emergency plans for each participant, evacuation drills, and site-specific risk assessments.

The strengthened Practice Standards introduced additional emphasis on person-centred emergency planning — meaning the plan must account for each individual participant's disability, communication needs, support requirements, and preferences, not just generic building evacuation procedures.

What your emergency and disaster management plan must include

A compliant plan addresses both the organisational level and the individual participant level. The following elements are expected by approved quality auditors:

Organisational-level requirements

Identification of foreseeable emergency and disaster risks relevant to your geographic location and the supports you deliver (e.g., bushfire, flood, extreme heat, pandemic, cyber incident affecting critical systems)
Clear roles and responsibilities for staff during an emergency, including an identified emergency coordinator
Communication protocols — how you will notify participants, families/carers, the Commission, and other relevant parties during and after an emergency
Business continuity arrangements — how you will maintain or restore critical supports if your premises, systems, or workforce are disrupted
Procedures for safe evacuation, shelter-in-place, and relocating participants when required
Arrangements for backing up and protecting participant records
Links to local emergency services, government emergency management frameworks, and relevant state or territory disaster plans
A schedule for testing, reviewing, and updating the plan (at minimum annually, and following any actual emergency)
Evidence of staff training and induction in emergency procedures

Individual participant-level requirements

For each participant, particularly those in residential settings, your plan must be supported by an individual emergency management plan (sometimes called a Personal Emergency Evacuation Plan or PEEP). This document should capture:

The participant's specific support needs during an emergency (mobility, communication, medication, equipment)
Who will assist the participant and in what sequence
The participant's preferred emergency contacts and any relevant guardianship or decision-support arrangements
Any adjustments required to standard evacuation procedures to meet the participant's needs
The participant's consent to, and involvement in, developing the plan

Incident reporting obligations during emergencies

Emergency situations frequently give rise to reportable incidents under the NDIS (Incident Management and Reportable Incidents) Rules. Providers must have an incident management system that integrates with their emergency plan — so that if a participant is injured, goes missing, or is placed in an unplanned restrictive situation during an emergency, the provider can meet its reporting obligations to the Commission within the required timeframes.

Failure to report a notifiable incident, including one arising from a poorly managed emergency, is itself a compliance breach that can attract Commission scrutiny.

What auditors look for — common non-conformances

During approved quality audits, emergency management is routinely examined. Common findings that lead to non-conformances include:

A generic plan with no site-specific or participant-specific content — a template that has not been adapted to the actual premises, geography, or participant cohort
No documented evidence of drills or testing — a plan that exists on paper but has never been practised
Staff unaware of the plan — workers who cannot describe their role in an emergency or locate the relevant procedures
No individual participant emergency plans — particularly problematic in SIL settings where participants have complex needs
Plan not reviewed after a real emergency or near-miss — failing to capture lessons learned
No link to incident management — emergency procedures that do not reference the provider's reportable incident obligations

Consequences of not having an adequate plan

The Commission has a range of enforcement tools available where providers fail to meet Practice Standards requirements. These include compliance notices, conditions on registration, suspension, or cancellation of registration. In cases where a participant is harmed because a provider did not have adequate emergency arrangements in place, the Commission may also investigate under the Code of Conduct and refer matters to other regulatory bodies.

Beyond regulatory consequences, providers without adequate plans face significant reputational and legal exposure if a participant is injured or goes missing during an emergency that the plan should have addressed.

Practical steps to build or strengthen your plan

Map the emergency risks specific to your location(s) — consult your state or territory emergency management agency for hazard registers
Audit your current procedures against the NDIS Practice Standards requirements and identify gaps
Develop or update individual emergency plans for every participant in residential or centre-based settings, in partnership with the participant
Assign and document clear staff roles for every emergency scenario
Schedule and conduct at least one full evacuation drill per year, and document outcomes
Integrate your emergency plan with your incident management system and review the linkages
Set a calendar reminder for annual plan review, and review immediately after any real emergency

For SIL providers preparing for the strengthened 2026 registration requirements, having all your policy and procedure documentation in order before your audit date is essential. The ndiscompliant.com.au 74-document audit-ready SIL compliance kit includes an emergency and disaster management policy template, individual participant PEEP templates, and drill record forms — designed to meet current Commission expectations out of the box.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.