Why every registered NDIS provider needs a code of conduct policy
The NDIS Code of Conduct applies to all registered NDIS providers and their workers, including sole traders, SIL providers, and support coordination services. Under the National Disability Insurance Scheme Act 2013 and the NDIS Practice Standards, providers must not only comply with the Code — they must be able to demonstrate that compliance through documented policies, training records, and governance systems.
With the strengthened NDIS Practice Standards taking effect from late 2024 and continuing to be embedded through 2026 audit cycles, quality auditors are placing greater weight on whether your code of conduct policy is operational (used and understood by workers) rather than merely filed away. SIL providers face particularly close scrutiny because of the intensity and intimacy of the support environment.
What the NDIS Code of Conduct requires
The Code sets out seven obligations for providers and workers. Your policy must address each one directly:
1. Act with respect for individual rights — including the right to self-determination, privacy, and dignity.
2. Respect the privacy of people with disability — covering information handling, consent, and confidentiality.
3. Provide supports and services in a safe and competent manner — with care and skill.
4. Act with integrity, honesty, and transparency — no false or misleading conduct.
5. Promptly take steps to raise and act on concerns about matters that may impact the quality and safety of supports — including raising concerns internally and through the Commission.
6. Take all reasonable steps to prevent and respond to all forms of violence against, and exploitation, neglect and abuse of, people with disability.
7. Take all reasonable steps to prevent and respond to sexual misconduct.
Your policy document is evidence that your organisation has operationalised these obligations — not just acknowledged them.
Step-by-step: how to write your NDIS code of conduct policy
Step 1 — Define scope and purpose
Open with a clear statement of who the policy applies to. This must cover employees, contractors, volunteers, students on placement, and — where applicable — third-party subcontractors. SIL providers should explicitly name the residential and community settings covered.
Step 2 — State the legislative and regulatory basis
Reference the following in your policy:
- The National Disability Insurance Scheme Act 2013 (Cth)
- The NDIS (Code of Conduct) Rules 2018
- The NDIS Practice Standards (Quality Indicators)
- Your obligations under the Reportable Incidents framework
Naming these instruments demonstrates to auditors that your policy is grounded in current law, not generic template text.
Step 3 — Articulate expected behaviours against each Code obligation
For each of the seven Code obligations, describe what compliance looks like in your specific operational context. Avoid copying the legislation verbatim — translate it into concrete workplace behaviours. For example, under Obligation 1 (rights), specify how workers must support a participant to make their own choices, even when that choice involves accepted risk.
Step 4 — Define prohibited conduct
Explicitly list conduct that breaches the Code. Common items include:
- Physical, psychological, financial, or sexual abuse
- Neglect of care needs
- Unauthorised use of restrictive practices
- Failure to report a reportable incident
- Misuse of a participant's funds or property
- Disclosure of private participant information without consent
- Engaging in or facilitating conflicts of interest that harm a participant
Step 5 — Establish reporting and escalation pathways
Workers must know exactly how to report a suspected breach — internally and externally. Your policy should specify:
- The internal reporting line (e.g., direct supervisor, then safeguarding lead)
- When and how to contact the NDIS Quality and Safeguards Commission directly (including the Commission's complaints and reportable incidents channels)
- Whistleblower protections and your organisation's commitment to no-retaliation
- Timeframes for internal review following a report
Step 6 — Describe consequences for breach
The policy must make clear that breaches are taken seriously and may result in disciplinary action up to and including termination, referral to the Commission, or notification to police where a criminal matter is alleged. For SIL providers, a breach by a worker may also trigger a mandatory reportable incident notification to the Commission.
Step 7 — Set out training and acknowledgement requirements
Specify that all workers must receive induction training on the Code of Conduct, sign an acknowledgement that they have read and understood the policy, and complete refresher training at a defined interval (commonly annually). Keep signed acknowledgements on personnel files — auditors frequently request these.
Step 8 — Document review and version control
Your policy should carry a version number, issue date, next review date, and the name of the approving officer. The strengthened standards place additional emphasis on continuous improvement, so demonstrate that this is a live document reviewed at least annually or following a significant incident or regulatory change.
Template excerpt: what a completed section looks like
Policy Title: NDIS Code of Conduct Policy
Version: 3.1 | Issued: January 2026 | Next Review: January 2027
Approved by: Chief Executive Officer

3. Expected Conduct — Obligation 6: Prevention of Violence, Abuse, Neglect and Exploitation

All workers at [Organisation Name] must:
- Treat every participant with dignity and refrain from any act or omission that constitutes abuse, neglect, exploitation or violence.
- Actively monitor the wellbeing of participants in their care and promptly escalate any concern to the Team Leader or Safeguarding Officer, even where no reportable incident threshold has been met.
- Participate in mandatory annual training on recognising and responding to abuse and neglect indicators.
- Immediately contact emergency services where a participant is at risk of serious harm, and notify the Safeguarding Officer within two hours.

Prohibited conduct includes but is not limited to: physical restraint outside an approved Behaviour Support Plan, leaving a participant unattended in a manner that compromises their safety, and failure to document and report a witnessed incident.

Breach of this section may constitute a Reportable Incident under the NDIS (Reportable Incidents) Rules 2019 and will trigger mandatory notification to the NDIS Quality and Safeguards Commission.
Key elements auditors check during a code of conduct policy review
| Audit check | Common non-conformance |
|---|---|
| Policy covers all seven Code obligations | Sexual misconduct and exploitation obligations omitted or vaguely worded |
| Signed worker acknowledgements on file | Acknowledgements absent for contractors and casual staff |
| Reporting pathways are specific and actionable | Policy says "report to management" without naming a role or timeframe |
| Breach consequences described | No link drawn between breach and mandatory Commission notification |
| Training requirements documented | No evidence of refresher training frequency or delivery method |
| Version control and review cycle present | Policy undated or not reviewed following a significant incident |
SIL-specific considerations for 2026
SIL providers carry a heightened duty of care given the around-the-clock nature of supports. Your code of conduct policy should address the specific risks present in residential settings, including appropriate personal boundaries, the use of surveillance or monitoring technology only with informed consent, and the management of conflicts between participant preferences and safety obligations.
Under the strengthened Practice Standards, SIL providers are also expected to demonstrate how the code of conduct policy connects to their broader incident management, behaviour support, and complaints handling frameworks, rather than leaving it to operate as a standalone document.
If you are building or overhauling your compliance document suite, the 74-document audit-ready SIL compliance kit available at ndiscompliant.com.au covers the code of conduct policy alongside all related governance documents, saving significant drafting time ahead of registration audits.
Final checklist before you publish your policy
- All seven NDIS Code of Conduct obligations addressed with specific workplace behaviours
- Prohibited conduct listed explicitly
- Internal and external reporting pathways named with timeframes
- Whistleblower protection and no-retaliation commitment included
- Consequences for breach linked to disciplinary process and Commission notification
- Worker training frequency and acknowledgement process documented
- Version number, issue date, review date, and approving officer recorded
- Policy cross-referenced to incident management, complaints, and behaviour support policies
Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.