Do all SIL providers need a behaviour support policy even if no participants currently have restrictive practices?

Yes. The NDIS Practice Standards require SIL providers to have a behaviour support policy in place as a condition of registration, regardless of whether any regulated restrictive practices are currently used. The policy demonstrates your organisation is prepared to respond lawfully if the need arises.

What is the difference between a behaviour support plan and a behaviour support policy?

A behaviour support policy is your organisation's governance document — it sets the rules, roles, and processes your service follows. A behaviour support plan (BSP) is a participant-specific document authored by a qualified Behaviour Support Practitioner that describes strategies for supporting an individual participant. Both are required and auditors check both.

Which regulated restrictive practices must be authorised before use under the NDIS rules?

The NDIS (Restrictive Practices and Behaviour Support) Rules 2018 identify five categories: chemical restraint, mechanical restraint, physical restraint, environmental restraint, and seclusion. Each requires state or territory authorisation before use. Prohibited practices — those that can never be authorised — include any practice that causes harm or degrades the participant.

How quickly must providers notify the NDIS Commission about the use of a regulated restrictive practice?

Notification requirements and timeframes are set out in the Behaviour Support Rules and vary depending on the type of restrictive practice and the circumstances. Providers should refer directly to the NDIS Commission's guidance on restrictive practice reporting and ensure their policy and staff training reflect the current notification obligations.

Can our behaviour support policy be the same document across multiple SIL houses?

One overarching policy can apply across multiple sites, provided it accurately reflects how behaviour support operates across all those settings. However, each participant must still have an individual behaviour support plan, and any site-specific procedures (such as environment-specific de-escalation spaces) should be addressed either in the policy or in site-level procedures referenced by it.

What worker qualifications does the NDIS Commission require for Behaviour Support Practitioners?

The NDIS Commission has established a capability framework that describes the competencies required at different levels of behaviour support practice. Providers must engage BSPs who meet the relevant capability level for the complexity of support required. SIL providers should verify that any engaged BSP is listed on the Commission's BSP register or can demonstrate they meet the framework requirements.

NDIS behaviour support policy: what auditors look for

Why your behaviour support policy is a high-priority audit document

For SIL providers and other disability support organisations, behaviour support sits at the intersection of participant rights, restrictive practice regulation, and worker safety. The NDIS Commission treats this area with particular scrutiny because the risks of getting it wrong — physical harm, rights violations, and criminal liability — are among the most serious in the sector.

When an approved quality auditor arrives for your initial registration or renewal audit, your behaviour support policy will be examined not just as a document but as evidence that your organisation genuinely understands and implements the NDIS Practice Standards. This article explains exactly what auditors check, the most common non-conformances, and how to prepare.

The regulatory framework auditors apply

Auditors assess behaviour support policies against a layered set of obligations:

NDIS Practice Standards — Module 2A (Behaviour Support): This module sets the quality indicators for providers who deliver behaviour support or implement behaviour support plans. It covers rights-based practice, positive behaviour support, restrictive practice authorisation, and documentation.
NDIS (Restrictive Practices and Behaviour Support) Rules 2018: These rules define what constitutes a regulated restrictive practice, when such practices are lawful, and the notification and reporting obligations attached to their use.
NDIS Code of Conduct: All workers and providers must act with respect, avoid harm, and support participants' rights to make their own decisions — principles that must be visible in your policy.
Strengthened Practice Standards (2026 framework): The NDIS Commission's strengthened standards, rolling out as part of the 2026 mandatory registration reforms, place heightened emphasis on outcomes-focused evidence, worker competency verification, and governance accountability. Auditors are increasingly applying these indicators even in transition audits.

What approved quality auditors actually check

Auditors use a structured assessment against quality indicators. The following areas are examined in every behaviour support audit:

1. Rights and dignity as the foundation

Auditors look for explicit language affirming that every participant has the right to be free from abuse, neglect, and unauthorised restrictive practices. The policy must not treat behaviour support as a compliance exercise — it must articulate a genuine commitment to positive behaviour support (PBS) as the default approach, with restrictive practices only considered as a last resort after less restrictive options have been exhausted and documented.

2. Defined scope and applicability

The policy must clearly state which services and participant cohorts it covers. For SIL providers, this typically means all residents receiving supported accommodation, all relevant workers (including casual and agency staff), and any overnight or on-call support contexts. A policy that is silent on scope leaves auditors uncertain whether it is genuinely embedded across your organisation.

3. Behaviour Support Practitioner engagement

Where any regulated restrictive practice is used, the policy must demonstrate that a qualified Behaviour Support Practitioner (BSP) — one who meets the NDIS Commission's capability framework requirements — is engaged to develop and review behaviour support plans. Auditors will cross-reference this against worker records, contracts with external BSPs, and file notes. A policy that describes BSP involvement without evidence of it in practice is a common source of non-conformance.

4. Restrictive practice authorisation and notification

This is one of the highest-risk audit areas. Auditors verify that your policy:

Defines each category of regulated restrictive practice (chemical, mechanical, physical, environmental, seclusion) using the legislative definitions
Requires state or territory authorisation before any regulated restrictive practice is used, in line with the relevant jurisdiction's framework
Mandates notification to the NDIS Commission within the timeframes prescribed in the Behaviour Support Rules
Prohibits the use of prohibited restrictive practices entirely, with no exceptions

Auditors often review a sample of participant files alongside the policy to check that authorisations are in place and notification records exist. Policy language alone is insufficient if the files tell a different story.

5. Behaviour support plan implementation and review

The policy must describe how behaviour support plans (BSPs) are implemented, monitored, and reviewed. Auditors look for:

A requirement that all relevant workers read and acknowledge the BSP before supporting the participant
A defined review cycle, including triggers for early review (such as a significant incident or change in participant circumstances)
A process for capturing worker observations and feeding these back to the BSP

6. Incident reporting integration

Behaviour-related incidents — including any use of a restrictive practice, whether authorised or not — must flow into your incident management system and be reportable to the NDIS Commission under the reportable incidents framework where applicable. Auditors check that your policy explicitly links behaviour incidents to your incident reporting obligations, and that workers understand this link.

7. Worker training and competency

A policy is only as effective as the workers who implement it. Auditors will ask for evidence that workers have received training in positive behaviour support approaches, de-escalation, and the lawful use of any restrictive practices in their role. Training records, induction checklists, and competency assessments are all fair game.

8. Governance and accountability

Under the strengthened 2026 standards, auditors are increasingly focused on whether leadership actively oversees behaviour support governance. Your policy should name who within your organisation holds accountability for behaviour support compliance (typically a senior leader or designated compliance role), describe how behaviour support data is reported to management, and reference how the policy is reviewed and updated.

Common non-conformances and how to avoid them

Non-conformance	What auditors see	The fix
Generic or template policy	Policy does not reflect the provider's actual service context or participant cohort	Customise the policy to your specific services, settings, and population
Restrictive practice categories undefined	Policy refers to "restrictive practices" without defining each regulated category	Include the legislative definitions verbatim or by clear reference
No evidence of BSP engagement	Policy says a BSP will be engaged but participant files show no BSP involvement	Maintain contracts, correspondence, and signed plans from engaged BSPs
Missing authorisation records	Restrictive practices in use but no state/territory authorisation documented	Build an authorisation register and audit it quarterly
Policy not known to workers	Workers interviewed cannot describe the policy or their obligations	Include policy acknowledgement in induction; run annual refresher training
No link to incident reporting	Behaviour incidents managed separately from the incident management system	Explicitly state that all behaviour-related incidents must be logged and, where required, reported to the NDIS Commission

A practical preparation checklist

Pull your current behaviour support policy and map every section against the Module 2A quality indicators — identify gaps before the auditor does.
Review all active participant files to confirm that a current, BSP-authored behaviour support plan is on file for every participant with a regulated restrictive practice in their support.
Check your authorisation register: is every regulated restrictive practice authorised, and is the authorisation current?
Confirm that NDIS Commission notifications for restrictive practice use are up to date and filed correctly.
Interview two or three frontline workers informally — can they explain what a restrictive practice is, what to do if they witness one used unlawfully, and where to find the BSP?
Verify training records show completion dates and that no worker has an overdue refresher.
Ensure your policy review date is current (annual review is the sector standard) and that a named role is accountable for it.

Preparing your full documentation set

A strong behaviour support policy rarely exists in isolation. Auditors also examine the incident management policy, the complaints policy, the restrictive practice register, and worker training records as a connected evidence set. Providers who approach audit preparation document-by-document often discover late that these materials do not align with each other — a finding that compounds non-conformances.

If you are building or rebuilding your compliance documentation from the ground up, the 74-document audit-ready SIL compliance kit at ndiscompliant.com.au includes a behaviour support policy template, a restrictive practice authorisation register, and the full suite of supporting documents that auditors expect to see together.

What happens when auditors find non-conformances

Minor non-conformances typically result in a corrective action request with a specified timeframe for rectification. Major non-conformances — such as evidence of unauthorised restrictive practice use, or a complete absence of behaviour support documentation — can result in a finding that delays or prevents registration, or in a referral to the NDIS Commission's compliance and enforcement team. Given the 2026 mandatory registration requirements, providers who have not resolved behaviour support non-conformances risk being unable to deliver SIL services lawfully.

The time to address these gaps is before the auditor arrives, not during the audit itself.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.