Is a Code of Conduct policy mandatory for NDIS registration?

Yes. Every registered NDIS provider must have a written Code of Conduct policy that reflects the seven obligations set by the NDIS Commission. This policy is assessed against the NDIS Practice Standards during your registration audit and must be evidenced through training records, declarations, and supporting procedures.

Does the NDIS Code of Conduct apply to subcontractors and volunteers?

Yes. The NDIS Code of Conduct applies to all workers, which includes employees, subcontractors, volunteers, and students on placement. Your Code of Conduct policy must explicitly state this scope, and all workers must be inducted and sign a declaration before delivering supports.

How often should a Code of Conduct policy be reviewed?

Best practice — and what auditors expect — is a minimum annual review. The policy should also be reviewed following any significant incident, a change in legislation or NDIS Commission guidance, or when new service types are added to your registration. Version control with review dates must be visible on the document.

What is the difference between the Code of Conduct and the NDIS Practice Standards?

The NDIS Code of Conduct sets the behavioural obligations for all providers and workers. The NDIS Practice Standards set the quality and safety requirements that registered providers must demonstrate through their systems, policies, and service delivery. Your Code of Conduct policy is one of the documents audited against the Practice Standards.

Can a worker be dismissed for breaching the NDIS Code of Conduct?

Yes. Serious or repeated breaches of the Code of Conduct can result in disciplinary action including termination. Providers must have a documented procedure for investigating alleged breaches and must consider interim risk management steps to protect participants while an investigation is underway.

What should I do if a worker reports a concern about a colleague's conduct?

Your Code of Conduct policy should include a clear reporting pathway — typically to a supervisor, manager, or the Responsible Person — as well as a Whistleblower or Speak Up procedure that protects the reporting worker from reprisal. Certain disclosures must also be reported to the NDIS Commission as a reportable incident.

NDIS Code of Conduct Policy Checklist for New Providers

Why New Providers Need a Code of Conduct Policy

The NDIS Code of Conduct applies to every registered NDIS provider and their workers from day one of service delivery. It is not optional, and having a standalone written policy that operationalises the Code is one of the first things an approved quality auditor will look for when assessing your organisation against the NDIS Practice Standards.

Under the strengthened registration framework taking full effect in 2026, the NDIS Commission has increased scrutiny of governance and management systems — including how providers embed the Code of Conduct into day-to-day practice. A vague one-page statement will not pass. Auditors want to see policy, procedure, training evidence, and demonstrated accountability.

This checklist walks you through every element your Code of Conduct policy must address before you apply for registration or undergo audit.

The Seven NDIS Code of Conduct Obligations

Your policy must address each of the following obligations in plain, operational language. Listing the obligations is not enough — you must describe how your organisation will meet them.

Act with respect for individual rights to freedom of expression, self-determination, and decision-making. Your policy should explain how workers support participant choice and how advocacy is facilitated.
Respect the privacy of people with disability. Link your Code of Conduct policy to your Privacy and Confidentiality Policy and describe how information is handled.
Provide supports and services in a safe and competent manner with care and skill. Reference your competency-based recruitment processes and supervision arrangements.
Act with integrity, honesty, and transparency. Describe your conflict-of-interest procedure and how workers are expected to disclose concerns.
Promptly take steps to raise and act on concerns about matters that may impact the quality and safety of supports. Reference your incident reporting procedure and explain how workers escalate issues without fear of reprisal.
Take all reasonable steps to prevent and respond to all forms of violence against, and exploitation, neglect, and abuse of, people with disability. Link to your Safeguarding Policy and mandatory reporting obligations.
Take all reasonable steps to prevent sexual misconduct. Describe your zero-tolerance statement, reporting pathway, and how complaints involving workers are managed.

Code of Conduct Policy Checklist

Use the following checklist to verify your policy is audit-ready. Each item should be evidenced by a document, register, or procedure you can produce during an audit.

Policy Document Essentials

Policy states the purpose, scope, and who it applies to (workers, subcontractors, volunteers, students on placement)
Each of the seven Code of Conduct obligations is addressed with specific procedural language
Policy is written in plain English and accessible formats are available on request
Version control is evident — document includes a review date, version number, and approval signature
Policy is reviewed at least annually or following any significant incident or legislative change
Policy is approved by the governing body or responsible person

Worker Induction and Training

All workers (paid and unpaid) receive Code of Conduct training before delivering supports
Training covers each of the seven obligations in practice, not just theory
A training register is maintained with worker name, date, method, and sign-off
Workers sign a declaration acknowledging they have read and understood the Code of Conduct policy
Refresher training is provided at defined intervals (commonly annually) and following incidents
NDIS Commission's free online worker orientation module is referenced or incorporated where appropriate

Complaints and Incident Reporting

A separate Complaints Management Policy exists and is cross-referenced in the Code of Conduct policy
Participants are told how to make a complaint (including to the NDIS Commission directly) at the start of service
A Reportable Incidents Policy exists and identifies all six categories of reportable incidents under the NDIS (Incidents Management and Reportable Incidents) Rules
Timelines for reporting incidents to the NDIS Commission are documented and understood by staff
A complaint and incident register is maintained and reviewed by management

Safeguarding and Misconduct

The policy states a zero-tolerance position on abuse, neglect, exploitation, and sexual misconduct
A procedure for responding to allegations against workers is documented, including interim risk management steps
The policy explains workers' obligation to report concerns about colleagues' conduct
Workers understand their obligation to report to the NDIS Commission under the worker screening framework
A Whistleblower or Speak Up procedure is referenced to protect workers who raise concerns

Restrictive Practices (where applicable)

If your organisation uses or supports regulated restrictive practices, the Code of Conduct policy links to your Behaviour Support Policy
The policy states that unauthorised restrictive practices are a breach of the Code of Conduct and will be reported as a reportable incident
Workers are trained on the difference between regulated and unauthorised restrictive practices

Governance and Accountability

The Responsible Person (key personnel) is named in the policy as accountable for Code of Conduct compliance
A process for investigating alleged breaches by workers is documented
Disciplinary consequences for Code of Conduct breaches are clearly stated
The policy is accessible to participants, their families, and support networks on request
The policy is made available to the NDIS Commission on request

Common Gaps Auditors Find

Approved quality auditors consistently identify the following non-conformances in Code of Conduct policies for new providers:

Gap	Why it matters
Policy lists obligations but contains no procedures	Auditors need to see how the obligations are met, not just that they exist
Training register is missing or incomplete	Without evidence of induction, compliance cannot be demonstrated
No worker acknowledgement declarations	The provider cannot show individual workers were made aware of expectations
Policy scope excludes subcontractors or volunteers	The Code applies to all workers regardless of employment type
No review date or version control	Auditors require evidence the policy is actively maintained
Restrictive practices not referenced (for relevant services)	SIL and high-intensity providers must link safeguarding to behaviour support obligations

Linking the Code of Conduct to Your Broader Document Suite

A standalone Code of Conduct policy is necessary but not sufficient. The NDIS Practice Standards require a system of interlocking policies. Your Code of Conduct policy should cross-reference and be supported by:

Privacy and Confidentiality Policy
Complaints Management Policy and Procedure
Incident Management and Reportable Incidents Policy
Safeguarding Vulnerable People Policy
Behaviour Support Policy (if restrictive practices are used)
Recruitment and Screening Policy (NDIS Worker Screening checks)
Whistleblower and Speak Up Policy
Risk Management Policy

For SIL providers in particular, the 2026 strengthened framework places heightened obligations on high-intensity supports. Your document suite needs to demonstrate that the Code of Conduct is embedded across every support context — from overnight shifts to personal care and medication administration.

If you are building your policy library from scratch, the 74-document audit-ready SIL compliance kit available at ndiscompliant.com.au covers all of the above, pre-mapped to the current NDIS Practice Standards and the strengthened 2026 requirements, which can significantly reduce preparation time before your registration audit.

Before You Submit Your Registration Application

Before lodging your registration application with the NDIS Commission, confirm the following minimum readiness indicators:

Your Code of Conduct policy is finalised, signed, and version-controlled
All staff (including any subcontractors) have been inducted and declarations are signed
Your training register shows completion dates for all current workers
Your complaints and incident management procedures are in place and tested
Your policy has been sighted and approved by your governing body
You can produce all cross-referenced policies on request

The NDIS Commission may request copies of policies at application stage or at any point during your registration period. Providers that maintain living documents — reviewed annually and updated after incidents — are consistently better placed during audit than those who treat compliance as a one-time exercise.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.