Who can write a behaviour support plan under the NDIS?

A behaviour support plan that includes a regulated restrictive practice must be prepared by an NDIS-registered behaviour support practitioner. Support workers, coordinators, and other staff cannot prepare or substantially amend a compliant BSP on their own.

How often does a behaviour support plan need to be reviewed?

BSPs must be reviewed at least annually, and also following any significant incident involving a behaviour of concern, a change in the participant's circumstances, or where the plan is not achieving its intended outcomes. The review must be conducted or overseen by the registered behaviour support practitioner.

What are regulated restrictive practices under the NDIS?

Regulated restrictive practices are defined in the NDIS (Restrictive Practices and Behaviour Support) Rules 2018 and include chemical restraint, mechanical restraint, physical restraint, environmental restraint, and seclusion. All five types require state or territory authorisation before use and must be reported monthly to the NDIS Commission.

What happens if a provider uses a restrictive practice without authorisation?

Using a regulated restrictive practice without the required authorisation constitutes a non-conformance against the NDIS Practice Standards. It may also trigger Commission investigation, civil penalty proceedings, and conditions on or suspension of the provider's registration. The incident must also be reported as a reportable incident.

How do providers report restrictive practices to the NDIS Commission?

Providers must submit monthly reports through the myplace provider portal, detailing each instance of a regulated restrictive practice used during the month. Reports must be lodged even if no restrictive practices were used in a given month if the provider is registered to use them.

What documentation do auditors check for behaviour support compliance?

Auditors typically check that a registered practitioner prepared the BSP, that authorisation documents are current and on file, that monthly Commission reports have been lodged, that staff training records exist for workers implementing the plan, that incident reports link to BSP reviews, and that shift notes reflect the implementation of positive behaviour support strategies.

Implementing Behaviour Support Plans: Common Audit Non-Conformities

Why Behaviour Support Plans Are a High-Risk Area in NDIS Audits

Behaviour support is one of the most heavily scrutinised areas in any NDIS quality audit. For SIL and disability-support providers, the stakes are high: non-conformances in this domain can attract conditions on registration, civil penalties, or mandatory suspension of restrictive practices. The NDIS Practice Standards — including the Behaviour Support module — set specific, enforceable requirements, and the strengthened 2026 registration framework has increased the frequency and rigour of surveillance audits for providers who use regulated restrictive practices.

This article identifies the top non-conformities approved quality auditors (AQAs) actually flag during BSP-related audits, explains why they arise, and outlines what your organisation needs to do to close each gap.

The Regulatory Framework at a Glance

Before examining specific errors, it helps to understand the rules stack auditors work from:

NDIS Practice Standards (Behaviour Support module) — requires providers to implement BSPs prepared by an NDIS-registered behaviour support practitioner, and to ensure any regulated restrictive practice is authorised, reported, and regularly reviewed.
NDIS (Restrictive Practices and Behaviour Support) Rules 2018 — defines regulated restrictive practices (chemical, mechanical, physical, environmental, and seclusion), notification obligations, and the role of the Commission.
NDIS Code of Conduct — includes obligations to provide supports free from violence, abuse, neglect, and exploitation; BSP non-compliance can breach the Code.
Strengthened Practice Standards (2026) — introduce a new self-assessment framework and extend scrutiny of positive behaviour support implementation against participant outcomes rather than just procedural compliance.

The 7 Most Common BSP Audit Non-Conformities

1. Plans Not Prepared or Signed Off by a Registered Behaviour Support Practitioner

Auditors consistently find BSPs that have been written or substantially amended by support workers, team leaders, or coordinators — not by an NDIS-registered behaviour support practitioner. The rules are clear: any plan that includes a regulated restrictive practice must be prepared by a registered practitioner. Operating under a plan that does not meet this requirement is a reportable incident exposure and a direct non-conformance against the Practice Standards.

The fix: Maintain a register of every participant who has a BSP. Record the name and NDIS registration number of the behaviour support practitioner responsible for each plan. Ensure your service agreement or funding arrangements include access to a registered practitioner for reviews and updates.

2. Restrictive Practices Used Without State/Territory Authorisation

Each state and territory has its own authorisation pathway for regulated restrictive practices (for example, guardian consent, tribunal approval, or senior practitioner authorisation). A significant number of providers are found using restrictive practices — often physical or environmental — without the required authorisation in place at the time of use.

The fix: Before any restrictive practice is implemented, obtain and document the relevant authorisation. Store authorisation documents alongside the BSP. Include expiry dates in your register and set calendar reminders for renewal well in advance.

3. Failure to Report Regulated Restrictive Practices to the NDIS Commission

Providers are required to report their use of regulated restrictive practices to the NDIS Commission on a monthly basis via the myplace provider portal. Auditors routinely find gaps where providers have used restrictive practices but have not submitted monthly reports, or where the reports submitted do not match the incident or support records.

The fix: Assign a named staff member as the responsible person for monthly restrictive practice reporting. Cross-check portal submissions against shift notes and incident logs each month before lodgement. Retain copies of submitted reports.

4. Plans That Are Outdated, Unsigned, or Not Version-Controlled

Auditors look at the document itself, not just whether a BSP exists. Common problems include plans with no review date, plans that have not been reviewed following a significant incident or change in the participant's circumstances, plans that lack signatures from the participant (and/or their authorised representative), and multiple versions in circulation with no version control.

The fix: Establish a BSP document-control policy. Every plan must carry a version number, a date of preparation, a review-due date, and signatures from all required parties. After any critical incident involving behaviour of concern, trigger an unscheduled review and record the outcome.

5. Inadequate Staff Training Records

The Practice Standards require that staff who implement a BSP have been appropriately trained in that plan. In audits, providers frequently cannot produce evidence that the specific workers implementing a plan have read, understood, and been trained in its contents — particularly for strategies involving restrictive practices or de-escalation techniques.

The fix: When a new BSP is activated (or an existing one is updated), run a documented induction or briefing for every worker who will implement it. Record attendance, date, and content covered. Keep training records in the participant's file, not just in a general HR folder.

6. Incident Reports Not Linked to BSP Review Triggers

A significant gap found in audits is the failure to connect incident management and behaviour support systems. An incident involving a behaviour of concern should automatically trigger a review of the BSP. Auditors find that incidents are recorded and closed without any reference to the participant's BSP, and that the BSP remains unchanged even after repeated incidents of the same type.

The fix: Embed a BSP-check step in your incident-management workflow. When closing an incident report for a behaviour of concern, the responsible manager must confirm whether the BSP requires review. Document the decision — even if the outcome is "no change required" — and keep this record in the incident file.

7. Positive Behaviour Support Strategies Not Implemented or Evidenced

The 2026 strengthened standards place greater emphasis on outcomes and positive behaviour support (PBS), not just procedural compliance. Auditors are increasingly looking at whether the proactive and preventive strategies in a BSP are actually being implemented, and whether shift notes and activity records reflect PBS in practice. A plan full of excellent strategies that shift workers never follow is a non-conformance waiting to happen.

The fix: Train workers on the specific PBS strategies for each participant, not just the restrictive practices. Audit a sample of shift notes regularly to confirm that strategies — such as choice-making, communication supports, or sensory activities — are being recorded. Where gaps exist, address them through supervision, not just re-training.

A Practical Pre-Audit Checklist for BSPs

List every participant with a BSP and confirm each plan was prepared by a registered behaviour support practitioner (record their practitioner number).
Check that all regulated restrictive practices have current, valid state/territory authorisation on file.
Verify that monthly restrictive practice reports to the NDIS Commission are up to date and match internal records.
Review version control: every plan has a version number, review date, and required signatures.
Confirm that all staff implementing each BSP have a dated training record on file.
Audit the last six months of incident reports — confirm any behaviour-of-concern incidents have a documented BSP-review decision.
Sample ten shift notes per participant with a BSP — check that PBS strategies are reflected in recorded supports.

Common Audit Finding Language to Watch For

Finding Type	Typical Auditor Language	Underlying Cause
Non-conformance (major)	"Restrictive practice implemented without authorisation"	No guardian/tribunal approval obtained before use
Non-conformance	"BSP not reviewed following reportable incident"	No link between incident management and BSP review workflow
Non-conformance	"Staff implementing BSP have no training record on file"	Training not documented or stored in wrong location
Improvement opportunity	"Proactive strategies not evidenced in daily records"	Workers not recording PBS implementation in shift notes
Non-conformance	"Monthly restrictive practice reports not submitted"	No named responsible person; reporting not in monthly calendar

Getting Audit-Ready

Behaviour support compliance is not a once-a-year exercise; it is an ongoing operational system. Providers that perform well in audits treat BSP management as a standing agenda item in governance meetings, assign clear ownership of reporting and review obligations, and build compliance checks into day-to-day operational rhythms rather than scrambling before an audit date.

If your organisation is preparing for initial registration or a renewal audit under the 2026 framework, a structured documentation kit can significantly reduce preparation time. The ndiscompliant.com.au 74-document audit-ready SIL compliance kit includes BSP implementation checklists, restrictive practice registers, monthly reporting templates, and staff training record formats aligned to the current Practice Standards — a practical starting point for providers building or strengthening their systems.

The Commission's expectations are high and are rising. Organisations that treat BSP compliance as a documentation exercise — rather than as a genuine system for protecting participant safety — will continue to attract non-conformances. The providers that audit well are those whose records simply reflect what they actually do, every shift, for every participant.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.