What registration groups apply to NDIS community access providers?

Most community access providers register under group 0125 (Daily Activities) and/or 0136 (Group and Centre Based Activities). The specific registration groups determine which Practice Standards modules apply and whether you require a certification audit or a verification audit.

How long must NDIS community access providers retain participant records?

The NDIS Commission requires that records relating to the delivery of supports be retained for at least seven years after the last service was provided to a participant, or longer where a participant was under 18 at the time of the support (in which case records must be kept until the person turns 25 or for seven years from the last service, whichever is longer).

Do community access providers need a behaviour support plan even if they do not use restrictive practices?

If a participant in your service has an NDIS-funded behaviour support plan, you are required to hold a current copy and ensure implementing workers are trained in it — regardless of whether your organisation itself uses regulated restrictive practices. The obligation follows the participant's plan, not your organisation's practices.

What is a reportable incident under the NDIS Act and when must it be reported?

Reportable incidents include death of a participant, serious injury, abuse or neglect, unlawful sexual or physical contact, use of unauthorised restrictive practices, and certain other events defined in the NDIS (Incident Management and Reportable Incidents) Rules. Initial notification to the NDIS Commission must occur within 24 hours for the most serious incidents, with a detailed report to follow within five days.

Can a community access provider use a generic risk assessment for all participants?

No. The NDIS Practice Standards require that support planning and risk management be individualised. A single generic risk assessment does not satisfy the requirement. Auditors expect to see risk assessments that reflect each participant's specific circumstances, health needs, and the particular community activities they access.

What is the difference between a verification audit and a certification audit for community access?

Providers registering only for lower-risk support categories may be assessed via verification audit, which is a desktop review of key documents. Providers registering for higher-risk categories — including daily activities with complex needs or SIL — generally require a certification audit, which includes on-site assessment, file reviews, and worker and participant interviews.

NDIS community access provider: documentation checklist (2026)

Why documentation matters for community access providers in 2026

Community access is one of the most common NDIS support types, yet it is also one of the most frequently cited areas of non-conformance during quality audits. Providers registered under the NDIS Practice Standards to deliver daily activities, social and community participation, or community nursing care face a detailed paper trail requirement — and the strengthened framework that took effect in late 2024 and into 2025–2026 raises the bar further.

This checklist covers every documentation category an approved quality auditor will examine. Work through it systematically before your registration renewal, certification audit, or verification audit.

The core documentation categories

1. Registration and governance documents

Current NDIS provider registration certificate and registration groups (including 0125 – Daily Activities and/or 0136 – Group and Centre Based Activities as applicable)
Key personnel declarations and evidence of suitability (NDIS Worker Screening Check clearances or exclusions on file for all relevant workers)
Organisational chart showing governance structure and lines of responsibility
Board or management committee meeting minutes covering quality and safeguarding items (minimum frequency as per your own governance policy)
Conflicts of interest register, reviewed regularly
Insurance certificates: public liability, professional indemnity (current and covering the registration period)

2. NDIS Practice Standards — Core Module evidence

All registered providers must comply with the Core Module. For community access, auditors look for documented evidence against each outcome, not just policy statements. You need:

Rights and responsibilities: Participant welcome pack explaining rights, the NDIS Code of Conduct, and how to make a complaint — signed and dated by the participant or their authorised representative
Feedback and complaints: Complaints policy and procedure; complaints register showing date received, nature, actions taken, and resolution; evidence that participants were informed of the NDIS Commission complaints pathway
Incident management: Incident management policy; incident register; evidence that reportable incidents were notified to the NDIS Commission within required timeframes; post-incident review records
Worker screening: Screening register cross-referenced against roles; process for managing workers who become excluded or whose clearance lapses
Provision of supports: Documented support delivery against each participant's goals; evidence that supports align with the participant's NDIS plan

3. Individual participant documentation

This is the category with the highest rate of findings. For every participant receiving community access supports, you must hold:

Current support plan / individual plan: Goals, preferred support approaches, specific activities to be undertaken in the community, and the participant's stated outcomes. Plans must be reviewed at a frequency agreed with the participant — at minimum when their NDIS plan is renewed.
Consent forms: Informed consent for each support type, including photo/video consent if images are taken during community outings, and consent for sharing information with other providers or the NDIA.
Risk assessment: Documented assessment of environment-specific risks (transport, community venues, water activities, etc.) and mitigation strategies. This is particularly important for participants with complex support needs.
Communication profile / communication plan: How the participant communicates, preferred formats, and any AAC (augmentative and alternative communication) requirements.
Health care plans and emergency management plans: Where health conditions are relevant to community access (e.g., epilepsy management, anaphylaxis), a written plan signed by the treating clinician must be on file and known to support workers.
Behaviour support plan: If the participant has an NDIS-funded behaviour support plan, your organisation must hold a current copy and provide evidence that all implementing staff have been trained in it.
Progress notes / shift notes: Contemporaneous records of each support session — what was done, how the participant engaged, any incidents or observations. Notes must be objective, factual, and signed by the worker who delivered the support.

4. Restrictive practices documentation

Community access providers sometimes use or encounter regulated restrictive practices — particularly environmental restraints (e.g., locked transport) or monitoring technologies. If any regulated restrictive practice is used:

Evidence that a behaviour support practitioner has assessed the practice and recommended it in writing
State or territory authorisation (where required by jurisdiction)
Monthly or quarterly monitoring records showing use, frequency, and review
Evidence that the practice is being reduced with a stated reduction plan
Reporting to the NDIS Commission via the Provider Portal as required

5. Worker and workforce documentation

Document	What auditors check
Position descriptions	Role-specific competency requirements documented
Recruitment records	Reference checks, right-to-work evidence, credential verification
Induction records	NDIS Code of Conduct training, mandatory reporting, organisation policies
Ongoing training register	First aid currency, manual handling, behaviour support plan training, CPR
Supervision records	Regular supervision meetings documented with outcomes
Performance appraisals	Annual review against role competencies and NDIS Code of Conduct

6. Safeguarding and mandatory reporting policies

Child safe environments policy (if your community access supports include participants under 18)
Abuse, neglect and exploitation prevention policy
Mandatory reporting procedure specifying who is responsible, timeframes, and documentation of notifications
Whistleblower protection policy
Records of any reportable incidents and the Commission's acknowledgement of receipt

7. Quality management system documents

Quality management policy and stated quality objectives
Internal audit schedule and completed internal audit reports
Non-conformance and corrective action register
Continuous improvement register — showing how feedback, complaints, and audit findings feed into service improvements
Document control register (version control for all policies and procedures)

Common non-conformances in community access audits

Based on NDIS Commission public information about audit findings, the most frequent issues for community access providers include:

Individual plans are outdated — plans that have not been reviewed when a participant's NDIS plan was renewed, or that do not reflect the participant's current goals
Progress notes are retrospective or generic — notes written in bulk at the end of a week, or identical text copied across multiple participants (a red flag in any audit)
Risk assessments are not activity-specific — a single generic risk assessment for "community access" rather than assessments for specific activities such as swimming, public transport, or attending crowded events
Worker training records are incomplete — behaviour support plan training not evidenced for workers who are implementing the plan
Complaints register is empty — auditors treat an empty complaints register as evidence that complaints are not being captured, not that the service is perfect
Incident reports lack post-incident review — recording that an incident occurred without documenting what was done differently as a result

Preparing for your 2026 audit: a practical checklist summary

Pull every active participant file and check it against the individual participant documentation list above
Run a screening register audit — confirm every worker in a risk-assessed role holds a current clearance
Review your complaints and incident registers for the past 12 months — check that every reportable incident was notified to the Commission and that post-incident reviews are on file
Verify that all behaviour support plans are current and that training records exist for implementing staff
Review your internal audit schedule — if an audit was due in the past 12 months, complete it before the certification audit
Check document version control — ensure no worker is operating from a superseded policy
Conduct a mock interview with a frontline worker — can they locate a participant's emergency management plan? Do they know the complaints process?

Providers who want a head start on assembly can reference the 74-document audit-ready SIL compliance kit at ndiscompliant.com.au, which covers the full documentation suite across community access, SIL, and other support categories in a ready-to-customise format.

Staying current as the framework evolves

The NDIS Commission continues to refine the strengthened Practice Standards and associated guidelines. Subscribe to Commission updates at ndiscommission.gov.au and review your document register at least every six months. Assign a nominated quality lead whose role includes monitoring Commission bulletins and ensuring policy updates are implemented and communicated to the workforce before they take effect.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.