What is the difference between a minor and a major non-conformity in an NDIS audit?

A minor non-conformity indicates a gap in a practice or system that does not pose an immediate risk to participant safety or rights. A major non-conformity signals a significant or systemic failure — such as using restrictive practices without authorisation — that must be remedied before registration can be granted or renewed. Major findings can result in conditions on registration or referral to the Commission's compliance team.

How long does a provider have to respond to a non-conformity raised in an NDIS audit?

Timeframes are set by the approved quality auditor and the NDIS Commission based on severity. Major non-conformities typically require a corrective action plan to be submitted within a short window — often weeks — and evidence of closure before a registration outcome is issued. Minor findings may allow a longer remediation period but must still be addressed and evidenced.

Do SIL providers face different audit requirements compared to other registration groups?

Yes. SIL providers are assessed against the NDIS Practice Standards Core Module and the High Intensity Daily Personal Activities module. Because SIL involves 24/7 supported living, auditors apply heightened scrutiny to incident management, restrictive practices, behaviour support, and the quality of individual support plans. The 2026 strengthened framework has further reinforced these expectations.

What documents are auditors most likely to request during a SIL audit?

Auditors typically request incident registers, reportable incident notifications, behaviour support plans and their authorisations, restrictive practice reports submitted to the Commission, worker screening records, a sample of support plans, complaints registers, and governance documents such as risk registers, policies, and continuous improvement logs.

Can a provider continue operating if a major non-conformity is found?

Generally yes, but the Commission may impose conditions on the provider's registration or require a corrective action plan before renewal. In cases involving serious or ongoing risk to participants — such as sustained unauthorised use of restrictive practices — the Commission has powers to suspend or cancel registration and issue banning orders.

What is the best way to prepare for the strengthened 2026 NDIS Practice Standards audit?

Conduct a structured self-assessment against the current Practice Standards modules that apply to your registration scope, close any gaps you find before the audit, and ensure your documentary evidence is organised and readily accessible. Focusing on incident management, restrictive practices, worker screening, and person-centred support planning will address the highest-frequency non-conformity areas.

NDIS Common Non-Conformities (2026): What Auditors Find and How to Fix Them

Why Non-Conformities Matter More in 2026

The NDIS Commission's strengthened regulatory framework, which took effect progressively from late 2024 into 2026, has sharpened what approved quality auditors (AQAs) examine during certification and verification audits. For SIL (Supported Independent Living) providers — and indeed for any registered provider — a non-conformity raised during an audit is not merely administrative paperwork. It can trigger conditions on registration, mandatory corrective action plans, or, in serious cases, banning orders and registration suspension.

Understanding the most commonly cited non-conformities gives providers a practical head start. The patterns below are drawn from the NDIS Practice Standards, the NDIS Code of Conduct, and the Commission's publicly available audit guidance. If your self-assessment surfaces any of the issues listed here, treat it as an early warning — not a crisis — and act systematically.

The Most Common Non-Conformities Auditors Identify

1. Incomplete or Poorly Maintained Incident Management Systems

Incident management is one of the highest-frequency findings across all registration groups, but SIL providers attract particularly close scrutiny because of the 24/7 nature of supported living environments.

Reportable incidents not notified to the Commission within the required timeframes.
Internal incident registers lacking detail about the event, immediate response, and follow-up actions taken.
No evidence of post-incident review, trend analysis, or learning shared with the workforce.
Confusion between what must be reported externally versus what is managed internally.

The NDIS Practice Standards require providers to have a clearly documented system that covers identification, recording, internal review, external notification, and continuous improvement. Auditors will request your register, sample individual records, and ask staff how they identify and escalate incidents.

2. Restrictive Practice Authorisation Gaps

For SIL and behaviour support contexts, this is consistently one of the most serious finding categories. Non-conformities here almost always attract a major finding rather than a minor one.

Use of regulated restrictive practices without current, state/territory-authorised behaviour support plans in place.
Behaviour support plans that exist on paper but are not accessible to the direct support workers implementing them.
No evidence that participants (and where appropriate, their nominees) have been involved in or consented to the plan.
Failure to report use of restrictive practices to the Commission as required.
Expired authorisations where the provider continued using the practice without renewal.

Under the NDIS (Restrictive Practices and Behaviour Support) Rules 2018, providers must not use a regulated restrictive practice unless an NDIS behaviour support plan is in place and, where required, state or territory authorisation has been obtained. Auditors will check documentation trails end-to-end.

3. Worker Screening and Human Resources Records

Worker screening compliance has become a sharper audit focus since the Commission's strengthened workforce standards came into effect.

Risk-assessed roles not correctly identified as requiring an NDIS Worker Screening Check.
No documented process for verifying and recording screening clearances before workers commence.
Clearances not re-checked after a worker moves into a new risk-assessed role.
Volunteer and contractor screening treated inconsistently compared to employed staff.
Personnel files missing training records, particularly for mandatory inductions covering the Code of Conduct and safeguarding.

4. Support Plans That Do Not Reflect Participant Goals

Person-centred practice is a foundational requirement of the NDIS Practice Standards. Auditors frequently find that support plans are either generic, outdated, or disconnected from what participants say they actually want.

Plans written in provider language, not the participant's own voice or goals.
No evidence that the participant was meaningfully involved in developing or reviewing their support plan.
Plans not updated after a significant change in the participant's circumstances, needs, or preferences.
Lack of measurable outcomes or progress indicators, making it impossible to demonstrate whether supports are working.

The strengthened 2026 Practice Standards place greater emphasis on demonstrating active participant choice and control. A support plan that could have been written for any participant — rather than this specific person — is a reliable trigger for a non-conformity.

5. Complaints Handling: System Exists, Records Do Not

Most providers now have a complaints policy. The audit gap is almost always in the evidence of how complaints were actually handled.

Complaints received verbally but never recorded in the complaints register.
No documented acknowledgement to the complainant within required timeframes.
Resolution records that note an outcome but contain no analysis of root cause or improvement action.
Participants and families unaware of their right to escalate to the NDIS Commission.

6. Governance, Risk Management, and Quality Systems

Particularly for smaller SIL providers seeking certification for the first time under the strengthened framework, governance documentation is frequently underdeveloped.

No documented risk register or evidence that identified risks are actively monitored.
Policies and procedures that have never been reviewed, or that reference superseded versions of the Practice Standards.
No continuous improvement log demonstrating how the organisation learns from complaints, incidents, and audit findings.
Key Management Personnel unable to clearly articulate how quality assurance operates in practice.

How to Conduct an Effective Pre-Audit Self-Assessment

Map your registration groups to the relevant Practice Standards modules. SIL providers are assessed against the Core Module plus the High Intensity Daily Personal Activities module. Confirm exactly which standards apply to your scope.
Pull your incident register and test completeness. For a sample of incidents over the past 12 months, verify that each has a recorded response, a notification decision (reported or not, and why), and a review outcome.
Audit your restrictive practices documentation end-to-end. For every participant where a regulated practice is recorded, confirm the behaviour support plan is current, authorised, and accessible to implementing staff.
Run a workforce screening check. Export your staff list, identify risk-assessed roles, and verify that a current NDIS Worker Screening clearance is on file for each person.
Review a sample of support plans with a person-centred lens. Ask: could you tell whose plan this is by reading the goals? Is there a review date? Is there evidence the participant signed off?
Walk your complaints system forward from receipt to resolution. Select three complaints from the past year and trace every step: receipt, acknowledgement, investigation, outcome, improvement action.
Check your policy suite against the current Practice Standards version. Policies referencing an older framework version are a quick-win finding for auditors and an easy fix for you.

Common Non-Conformity Quick-Reference Table

Area	Typical Finding	Severity Tendency
Incident management	Incomplete records, missed notification timelines	Minor to Major
Restrictive practices	No current authorisation or plan	Major
Worker screening	Missing clearances on file	Minor to Major
Support planning	Generic plans, no participant input evidence	Minor
Complaints handling	Verbal complaints not recorded	Minor
Governance	No active risk register or improvement log	Minor to Major

Building a Corrective Action Plan

If your self-assessment surfaces findings, prioritise them by severity and by how close your next audit is. Restrictive practice and incident management gaps almost always require immediate action because they carry participant safety risk, not just compliance risk. Governance and documentation gaps can often be addressed systematically over weeks rather than days.

Document every corrective action: what the gap was, what you did, who was responsible, and when it was verified as closed. This continuous improvement record is itself something auditors look for, and it demonstrates a quality culture rather than reactive box-ticking.

If you are working toward certification or renewal under the 2026 strengthened standards and need a structured starting point, the 74-document audit-ready SIL compliance kit at ndiscompliant.com.au covers the key modules — including incident management templates, behaviour support documentation, HR screening registers, and support plan frameworks — and may save significant preparation time.

Final Checklist Before Your Audit

Incident register is complete, current, and includes reportable incident notifications.
Every participant with a regulated restrictive practice has a current, authorised behaviour support plan.
NDIS Worker Screening clearances confirmed on file for all risk-assessed roles.
Support plans reviewed within the last 12 months and co-produced with the participant.
Complaints register records every complaint, including verbal ones, through to resolution.
Policy suite references the current NDIS Practice Standards version.
Risk register and continuous improvement log are active and up to date.
Key Management Personnel can clearly explain how each quality system operates in practice.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.