What Is an NDIS Non-Conformity?
A non-conformity is an auditor's formal finding that a provider has failed to meet one or more requirements under the NDIS Practice Standards or the NDIS Code of Conduct. Non-conformities are graded:
- Major non-conformity: a significant failure that poses, or is likely to pose, risk of harm to participants — must be resolved before certification is granted or renewed.
- Minor non-conformity: a gap in evidence or process that does not immediately threaten participant safety but still requires a documented corrective action.
- Opportunity for improvement (OFI): not a finding against the standard, but an auditor observation that a process could be strengthened.
Understanding the difference matters for SIL providers because a single major non-conformity can delay or void registration. The examples below are drawn from the practice areas where NDIS Commission auditors most consistently identify gaps.
The Five Most Common Non-Conformity Areas in SIL Audits
1. Incident Management
The NDIS Practice Standards require providers to have a documented incident management system that enables incidents to be identified, recorded, responded to, and reported — including to the NDIS Commission where required (reportable incidents under NDIS (Incident Management and Reportable Incidents) Rules 2018).
What auditors typically find:
- Incident reports completed days after the event with no contemporaneous record.
- Incidents classified incorrectly — for example, a physical assault between participants recorded as a "behavioural incident" rather than as a reportable incident requiring Commission notification within 24 hours.
- No evidence that root-cause analysis was completed or shared with staff.
- No record of the participant or their nominated representative being informed of the incident and its outcome.
Typical finding: Minor non-conformity against Core Module — Incidents, Feedback and Complaints (Practice Standard 1.7).
2. Restrictive Practices Authorisation
This is the area most likely to attract a major non-conformity for SIL providers. The NDIS (Restrictive Practices and Behaviour Support) Rules 2018 require that any regulated restrictive practice be authorised under the relevant state or territory mechanism, implemented only within a behaviour support plan prepared by a registered behaviour support practitioner, and reported to the Commission.
What auditors typically find:
- Seclusion or physical restraint being used without any behaviour support plan on file.
- Chemical restraint (the use of medication to influence behaviour) not identified as a restrictive practice at all.
- State-based authorisation obtained, but the Commission reporting obligation not met — the two obligations are separate.
- Staff unable to articulate what practices are approved in a given participant's plan versus what is prohibited.
Typical finding: Major non-conformity against Supplementary Module 2 — Behaviour Support.
3. Worker Screening and Training Records
Providers must ensure all workers and key personnel hold a current NDIS Worker Screening Check clearance before they begin work with participants. The Code of Conduct also requires workers to have the knowledge and skills for their role.
What auditors typically find:
- Expired clearances not detected by the provider's tracking system — often discovered because no one was assigned to monitor renewal dates.
- Workers who commenced shifts while their clearance application was still pending, without a compliant risk-management process.
- Mandatory training (e.g., behaviour support, safeguarding, emergency procedures) completed but not recorded, so evidence cannot be produced at audit.
Typical finding: Minor to major non-conformity against Core Module — Governance and Operational Management (Practice Standard 1.9) depending on how many workers are affected.
4. Support Planning and Participant Goal Documentation
The Practice Standards require that each participant has a current, individualised support plan that reflects their goals, preferences, and risk profile, and that the plan is reviewed regularly in consultation with the participant.
What auditors typically find:
- Support plans last reviewed more than twelve months ago with no documented reason for the delay.
- Goals copied verbatim from the participant's NDIS plan without any personalised implementation detail.
- No evidence the participant was meaningfully involved in the review — for example, no meeting notes or signed acknowledgement.
- Risk assessments missing or dated from intake with no subsequent update despite changes in the participant's circumstances.
Typical finding: Minor non-conformity against Core Module — Support Planning (Practice Standard 1.2) and Supplementary Module 1 — High Intensity Daily Personal Activities where relevant.
5. Complaints Handling
Providers must have an accessible complaints management and resolution system. Participants must be told how to make a complaint, including to the NDIS Commission directly, and all complaints must be documented and resolved in a timely way.
What auditors typically find:
- No accessible, plain-English complaints policy provided to participants at intake.
- Verbal complaints not logged at all — providers often record only written complaints.
- No timeframe communicated to the complainant, or complaints left unresolved beyond any stated timeframe without explanation.
- Staff unaware of the participant's right to complain to the NDIS Commission independently.
Typical finding: Minor non-conformity against Core Module — Incidents, Feedback and Complaints (Practice Standard 1.7).
Worked Example: How a Non-Conformity Is Recorded and Resolved
The table below shows how an auditor would formally document a finding and what a provider's corrective action plan must include.
| Field | Example Entry |
|---|---|
| Standard reference | NDIS Practice Standards Core Module 1.7 — Incidents, Feedback and Complaints |
| Grade | Minor non-conformity |
| Finding | Review of the incident register showed twelve incidents recorded in the audit period. Of these, three had no evidence of root-cause analysis and four had no record of the participant or their representative being informed of the outcome. Staff interviews confirmed this was a systemic gap rather than an isolated oversight. |
| Evidence base | Incident register (January–April 2026), staff interview notes (three support workers, one team leader) |
| Root cause | Incident procedure template did not include a mandatory "participant notification" field; team leaders believed notification was optional where the participant had a guardian. |
| Corrective action | 1. Update incident report template to include mandatory "participant/representative notified — date and method" field. 2. Issue team-leader briefing note clarifying notification obligation applies regardless of guardianship status. 3. Audit all open incidents from prior six months to close any outstanding notifications. 4. Add incident-closure checklist to team-leader induction pack. |
| Responsible person | Quality and Compliance Coordinator |
| Target completion date | Within 28 days of audit report issue |
| Evidence to close | Updated template, briefing note with sign-off list, retrospective review report, updated induction pack |
How the Strengthened 2026 Framework Changes the Picture
The NDIS Commission's strengthened Practice Standards — progressively taking effect from 2026 — place greater emphasis on demonstrable outcomes for participants rather than process compliance alone. Auditors will increasingly look for evidence that quality systems actually produce better participant experiences, not merely that policies exist. For SIL providers, this means:
- Participant feedback must be systematically collected and demonstrably acted upon, not just filed.
- Governance records must show that boards or senior leadership are actively reviewing quality and safety data.
- Behaviour support plans must be implemented with fidelity — auditors will interview support workers to verify they understand the plan, not just confirm it is signed.
Providers preparing for their first audit under the strengthened framework should conduct a gap analysis against the updated standards well before their scheduled audit date.
Building a Corrective Action Culture Before the Auditor Arrives
- Map every Practice Standard to an owner. Each standard should have a named staff member responsible for maintaining evidence.
- Run a mock audit annually. Use the Commission's self-assessment tools to identify gaps before an approved quality auditor does.
- Treat non-conformities from previous audits as standing agenda items. Do not close a corrective action until evidence is verified — not just submitted.
- Train staff on what "evidence" looks like. A policy document alone rarely satisfies an auditor; what matters is consistent, dated records of implementation.
- Review your incident register monthly at leadership level. This generates the governance evidence that auditors are increasingly looking for under the strengthened standards.
Providers building their compliance documentation from scratch — or preparing for mandatory registration under the 2026 requirements — will find that having a complete, structured document set reduces audit preparation time significantly. The ndiscompliant.com.au 74-document audit-ready SIL compliance kit covers each of the core and supplementary module requirements referenced in this article, including incident, complaints, behaviour support, and worker screening templates pre-mapped to the relevant Practice Standard.
Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.