Is a written NDIS Code of Conduct policy mandatory for registered SIL providers?

Yes. Registered NDIS providers must be able to demonstrate compliance with the NDIS Code of Conduct and the Practice Standards, which requires documented policies. An approved quality auditor will request your Code of Conduct policy as evidence during a certification audit.

Does the Code of Conduct apply to contractors and volunteers, not just employees?

Yes. The NDIS Code of Conduct applies to registered providers and all of their workers, which the NDIS Commission defines broadly to include employees, contractors, subcontractors, and volunteers delivering NDIS supports.

How quickly must a provider respond to a suspected Code of Conduct breach?

There is no single fixed timeframe for an internal investigation, but if the breach constitutes a reportable incident — for example, abuse or neglect — the NDIS Commission's reporting timeframes apply (generally 24 hours for incidents with immediate risk, five days for others). Internal triage should begin immediately.

Can we use the filled-in sample above as our actual policy?

The sample is a realistic example to guide your own document. You must replace placeholder text with your actual provider name, registration number, internal systems, and role titles, and ensure the policy reflects your real operational controls before using it as evidence in an audit.

How often should we review our Code of Conduct policy?

At minimum annually, and also following any reportable incident involving a conduct breach, any change to NDIS Commission rules or guidance, or any significant change to your service delivery model. Document each review with a version number and effective date.

What happens if the NDIS Commission finds a worker has breached the Code of Conduct?

The Commission can investigate and take action against the individual worker directly, independent of any action the provider takes. Outcomes can include a banning order preventing the person from delivering NDIS supports. Providers are expected to cooperate fully with Commission investigations.

NDIS code of conduct policy: example filled-in sample

What the NDIS Code of Conduct policy must do

The NDIS Code of Conduct, established under the National Disability Insurance Scheme Act 2013 and the NDIS (Code of Conduct) Rules 2018, applies to every registered NDIS provider and their workers. For SIL providers, a written Code of Conduct policy is a practical piece of evidence that an approved quality auditor will request during a certification or verification audit under the NDIS Practice Standards.

The policy must translate the seven Code obligations into day-to-day expectations that every worker — permanent, casual, and contractor — understands and signs off on.

The seven worker obligations at a glance

Act with respect for individual rights to freedom of expression, self-determination, and decision-making.
Respect the privacy of people with disability.
Provide supports and services in a safe and competent manner, with care and skill.
Act with integrity, honesty, and transparency.
Promptly take steps to raise and act on concerns about matters that may impact the quality and safety of supports.
Take all reasonable steps to prevent and respond to all forms of violence, exploitation, neglect, and abuse.
Take all reasonable steps to prevent and respond to sexual misconduct.

Filled-in sample policy excerpt

The block below is a realistic, provider-level example. Replace the bracketed fields with your organisation's details before use.

Policy field	Filled-in example content
Document title	NDIS Code of Conduct Policy
Provider name	Sunrise Supported Living Pty Ltd
NDIS registration number	4-XXXXXXX (insert your number)
Policy owner	Quality and Compliance Manager
Review cycle	Annually, or following any legislative change or reportable incident involving a Code breach
Version	3.1 — effective 1 July 2026
Applies to	All employees, contractors, volunteers, and students on placement delivering SIL supports under Sunrise Supported Living Pty Ltd

Purpose statement (filled-in example)

"Sunrise Supported Living Pty Ltd is committed to delivering safe, respectful, and person-centred SIL supports. This policy sets out how we meet our obligations under the NDIS Code of Conduct and the NDIS Practice Standards, and how we respond when those obligations are not met."

Obligations and how we meet them — filled-in example

Code obligation	How Sunrise Supported Living Pty Ltd meets it
Act with respect for individual rights	All workers complete our Rights and Responsibilities induction module. Participants have a documented Support Plan that records their communication preferences, decisions they make independently, and any supported decision-making arrangements.
Respect privacy	Participant information is stored in our encrypted case-management system (AccessCare). Workers sign a Confidentiality Agreement at commencement and annually thereafter. No participant photos or identifying details are shared on social media.
Provide supports safely and competently	Workers hold required qualifications per our Workforce Competency Matrix (Certificate III in Individual Support minimum for SIL roles). Medication administration requires annual competency sign-off by our Registered Nurse.
Act with integrity, honesty, and transparency	Workers declare conflicts of interest annually via our COI Register. Financial transactions involving participant funds require dual-worker authorisation and are recorded in participant ledgers reviewed monthly by the Finance Manager.
Raise concerns promptly	Workers use the Sunrise Speak-Up Line (internal) or the NDIS Commission's reporting pathway. Concerns are logged in our Incident Register within 24 hours of becoming known. The Quality Manager acknowledges and triages within one business day.
Prevent and respond to VENA	All workers complete mandatory Safeguarding training before their first shift and refresher training annually. Suspected or actual abuse is reported to the NDIS Commission via the provider portal as a reportable incident and, where required, to police.
Prevent and respond to sexual misconduct	Our zero-tolerance Sexual Misconduct Policy (POL-SM-01) sits alongside this document. Any allegation triggers immediate suspension of the worker from participant-facing duties pending investigation.

Breach procedure (filled-in example)

Report: Worker or witness reports the suspected breach to their Team Leader or the Quality Manager immediately.
Assess: Quality Manager assesses whether the matter is a reportable incident under the NDIS (Incident Management and Reportable Incidents) Rules 2018 and notifies the NDIS Commission within the required timeframe where applicable.
Investigate: An internal investigation is conducted in accordance with our Incident Management Policy (POL-IM-02). The accused worker is stood down from participant contact during investigation if there is a risk of harm.
Outcome: Findings are documented. Consequences range from additional training and supervision through to termination of employment, depending on severity. All outcomes are recorded in the worker's personnel file and the Incident Register.
Review: The Quality Manager reviews whether a systems change is needed to prevent recurrence and updates the Risk Register accordingly.

Worker acknowledgement (filled-in example)

"I, [Worker Full Name], acknowledge that I have read, understood, and agree to comply with the NDIS Code of Conduct Policy. I understand that a breach of the Code of Conduct may result in disciplinary action up to and including termination of my engagement with Sunrise Supported Living Pty Ltd and referral to the NDIS Commission."

Signed: _________________________ Date: _____________

What auditors look for in this policy

When an approved quality auditor assesses your Code of Conduct policy against the NDIS Practice Standards (particularly the Core Module on Rights and Responsibilities), they will typically check for:

Clear reference to all seven Code obligations — not just a paraphrase but evidence of how each is operationalised.
Named roles with accountability (who owns the policy, who investigates breaches).
A defined breach and investigation procedure that links to your incident management system.
Evidence that workers have read and signed the policy — usually a signed acknowledgement kept on file or in your HRIS.
A review date and version control showing the policy is kept current.
Alignment with your Complaints Management and Whistleblower policies so reporting pathways are consistent.

A common non-conformance auditors flag is a policy that lists the Code obligations verbatim from the legislation but provides no operational detail about how the provider actually meets them. The filled-in sample above addresses this by mapping each obligation to a concrete internal control.

Keeping the policy current under the strengthened framework

The NDIS Commission's strengthened Practice Standards, which began rolling out with the 2024 legislative amendments and continue to be implemented through 2025 and 2026, place greater emphasis on worker screening, ongoing training, and systemic safeguarding. Review your Code of Conduct policy whenever:

The NDIS Commission issues updated guidance or a Practice Alert affecting worker conduct obligations.
A reportable incident in your organisation reveals a gap between policy and practice.
You engage a new service delivery model (such as adding in-home SIL from a previously SDA-only model).
Relevant legislation — including state and territory working-with-children or criminal history check requirements — changes in your jurisdiction.

Building a complete compliance document set

A Code of Conduct policy works best as part of an integrated suite. SIL providers also need written policies covering incident management, complaints, restrictive practices, medication management, behaviour support, worker screening, and privacy — among others. If you are building or auditing your full document set ahead of a 2026 registration renewal, the 74-document audit-ready SIL compliance kit at ndiscompliant.com.au provides pre-filled templates aligned to the NDIS Practice Standards across all these areas, reducing the time needed to prepare evidence for an approved quality auditor.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.