What is the difference between an incident and a reportable incident under the NDIS?

An incident is any event that causes or has the potential to cause harm to a participant, including near-misses. A reportable incident is a specific subset defined in the NDIS (Incident Management and Reportable Incidents) Rules 2018 — including death, serious injury, abuse, neglect, unlawful sexual or physical contact, and unauthorised restrictive practices — that must be formally notified to the NDIS Quality and Safeguards Commission within 24 hours of the provider becoming aware.

How long must a SIL provider keep incident records?

The NDIS Commission's guidance generally requires incident records to be retained for a minimum of seven years. Where incidents involve children or young people, state and territory record-keeping laws may require longer retention periods. Providers should check the relevant requirements in their jurisdiction.

Do near-misses need to be recorded in the incident register?

Yes. The NDIS Practice Standards require providers to record near-misses — events that did not result in harm but had the potential to. Near-miss data is a critical input for identifying systemic risks before a serious incident occurs.

How quickly must a reportable incident be notified to the NDIS Commission?

Under the NDIS (Incident Management and Reportable Incidents) Rules 2018, the initial notification must be made to the NDIS Commission within 24 hours of the provider becoming aware of the reportable incident. A follow-up report with fuller details is typically required within a further specified timeframe set out in the Rules.

Can a spreadsheet satisfy the NDIS incident register requirement, or does it need to be purpose-built software?

A well-designed and securely access-controlled spreadsheet can meet the requirement, provided it captures all mandatory fields, is accessible to the relevant staff, is regularly backed up, and is reviewed and managed as described in your incident management policy. Purpose-built software can make trend analysis and audit reporting easier but is not mandated.

What happens if an auditor finds our incident register is incomplete during an NDIS audit?

Incomplete incident registers are typically recorded as a non-conformance against the NDIS Practice Standards. Depending on severity, this may result in a corrective action plan, conditions on your registration, or — where serious incidents were not notified to the Commission — referral for regulatory action. Timely remediation and evidence of a strengthened system are essential responses.

How to write an NDIS incident register (2026 template + example)

Why your incident register matters under the 2026 NDIS framework

The NDIS Quality and Safeguards Commission requires all registered providers — and from 2026 all providers seeking or renewing registration under the strengthened framework — to maintain a systematic record of incidents. For SIL (Supported Independent Living) providers, the stakes are particularly high: you are delivering supports in people's homes around the clock, and the incident register is a primary piece of evidence that auditors examine to assess whether your organisation identifies risk, responds appropriately, and learns from what goes wrong.

An incident register is not simply a log. Under the NDIS (Incident Management and Reportable Incidents) Rules 2018 and the corresponding Practice Standards, the register must be part of a broader incident management system that includes detection, response, investigation, review, and improvement. Getting the document right from the outset protects participants, protects your registration, and demonstrates the genuine accountability that the Commission expects.

What the NDIS Practice Standards require you to record

The NDIS Practice Standards (Core Module, Indicator 1.7 and the associated Quality Indicators) specify that providers must have a system to:

Identify and record incidents, including near-misses and events that did not result in harm but had the potential to do so.
Respond in a timely way that prioritises participant safety.
Report to the NDIS Commission within the mandatory timeframes for reportable incidents (including death, serious injury, abuse, neglect, unlawful sexual or physical contact, and use of unauthorised restrictive practices).
Investigate incidents and implement corrective actions.
Use incident data to identify trends and drive continuous improvement.

The 2026 strengthened Practice Standards place greater emphasis on participant voice, co-design of safety systems, and provider accountability — meaning your register must also connect to how you have listened to and involved the participant affected.

Step-by-step: how to write and maintain an NDIS incident register

Define your incident categories before you start. Agree on a consistent taxonomy that separates reportable incidents (which trigger mandatory Commission notification) from internal incidents (managed in-house). Common categories include: falls and physical injury, medication errors, challenging behaviour, property damage, participant-to-participant incidents, staff misconduct, restrictive practice use, missing/absent participant, and near-misses.
Choose a format that is always accessible. A shared, permission-controlled spreadsheet or purpose-built software works better than a paper folder kept in one location. SIL services operating across multiple houses need a centralised register so patterns can be spotted across sites.
Set your mandatory fields. Every row in the register must capture, at minimum, the fields described in the template section below.
Assign a responsible person for each entry. The worker who was present or first aware of the incident creates the initial record, ideally within 24 hours. A supervisor or quality lead reviews and signs off within a set timeframe (typically 48–72 hours for non-reportable incidents).
Trigger the NDIS Commission notification pathway for reportable incidents. Reportable incidents must be notified to the Commission via the myNDIS Provider Portal. Initial notification is required within 24 hours of the provider becoming aware. The register entry must cross-reference the Commission notification reference number so there is a clear audit trail.
Complete the investigation and corrective action fields. Every incident — not just reportable ones — should have a brief investigation note and at least one documented corrective or preventive action. This is where many providers are found non-conformant during audits.
Review the register at regular intervals. Conduct a formal register review at least quarterly. Look for patterns: same participant, same time of day, same location, same support worker, same type of incident. Document your analysis and the actions you took as a result.
Retain records for the required period. The Commission's guidance requires incident records to be retained for a minimum of seven years (longer for incidents involving children, consistent with state and territory requirements).

Incident register template: mandatory fields

Field	What to capture
Incident ID	Unique sequential reference number (e.g., INC-2026-001)
Date and time of incident	Exact date and time the incident occurred (not when it was reported)
Date and time reported	When the provider became aware
Location	Address or site name (do not use participant full name here; use participant ID)
Participant ID	De-identified reference; full details held in the participant's individual file
Worker(s) involved	Name or ID of workers present or involved
Incident category	Select from your agreed taxonomy (e.g., fall, medication error, URP use)
Incident description	Factual, objective narrative of what happened — avoid opinion or blame
Immediate response	Actions taken in the moment (first aid, emergency services, participant support)
Reportable incident?	Yes / No — with the Commission category if Yes
Commission notification reference	Portal reference number and date submitted (if reportable)
Investigation summary	Root cause or contributing factors identified
Corrective / preventive action	What change was made, by whom, and by when
Action completed date	Date the corrective action was verified as complete
Reviewed by	Name and role of supervisor or quality officer who reviewed the entry
Status	Open / Under investigation / Closed

Filled-in example entry

The following is a realistic sample of a completed incident register row for a SIL property. All participant and worker details are fictional.

Incident ID	INC-2026-014
Date/time of incident	09 June 2026, 07:45
Date/time reported	09 June 2026, 08:10
Location	SIL House B — bathroom, 12 Example Street, Suburb
Participant ID	P-0042
Worker(s) involved	W-0017 (Support Worker, morning shift)
Incident category	Fall resulting in injury
Incident description	Participant P-0042 slipped on the bathroom floor while transferring from shower chair to wheelchair. Participant was assisted to the floor by worker W-0017 using safe-hold technique. Participant reported pain in left wrist. No loss of consciousness observed.
Immediate response	First aid applied. Ambulance called at 07:52. Participant transported to hospital at 08:20. Guardian notified at 08:05. Incident Management Coordinator notified at 08:10. Bathroom closed pending inspection.
Reportable incident?	Yes — serious injury (suspected fracture)
Commission notification reference	RI-2026-XXXXXX — submitted 09 June 2026, 11:30
Investigation summary	Non-slip mat in shower area found to be worn and lifting at corners. Manual handling protocol followed correctly by worker. Contributing factor: equipment maintenance check last completed four months prior.
Corrective / preventive action	(1) Non-slip mat replaced same day. (2) All SIL house bathroom equipment inspected by 13 June 2026. (3) Equipment maintenance schedule updated to monthly inspection cycle. (4) Debrief conducted with W-0017 on 10 June 2026.
Action completed date	13 June 2026
Reviewed by	Quality and Safeguarding Lead — 14 June 2026
Status	Closed

Common non-conformances found during audits

Approved quality auditors consistently find the following gaps when reviewing SIL providers' incident registers:

Entries created days or weeks after the incident. Delayed entries raise questions about accuracy and whether mandatory notification timeframes were met.
No corrective action recorded. Describing what happened without documenting what changed is the single most common finding across registered providers.
Near-misses excluded. Many providers only record incidents where harm occurred. Near-misses must also be recorded — they are your early-warning system.
No quarterly or periodic review. A register with no evidence of management oversight fails the continuous improvement requirement.
Commission notification reference missing. Auditors look for the cross-reference between the register and the myNDIS portal submission. If it is absent, the provider cannot demonstrate timely reporting.
Privacy breaches in the register itself. Using full participant names in a shared register that all staff can access may breach the Privacy Act 1988 and the NDIS Practice Standards on information management.

Connecting your register to continuous improvement

The register is only as valuable as the conversations it generates. At your quarterly review, summarise your data: total incidents by category, which participants were involved in multiple incidents, whether corrective actions from previous quarters were actually completed, and what patterns suggest a systemic risk. Present this summary to your leadership team and document the discussion. This is the evidence that separates providers who comply on paper from providers who genuinely protect participants.

If you are preparing for your NDIS audit or building your document suite from scratch, ndiscompliant.com.au offers a 74-document audit-ready SIL compliance kit that includes a pre-formatted incident register, investigation templates, quarterly review frameworks, and all supporting policies — purpose-built for the 2026 strengthened Practice Standards.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.