Do early childhood providers need a separate child safety policy or can it be part of a broader safeguarding document?

Either approach is acceptable provided the child safety content is comprehensive and clearly identifiable. Given the heightened regulatory focus on children in NDIS-funded supports, many providers choose a standalone child safety policy to make it easier to train workers and demonstrate compliance to auditors. The policy must align with both NDIS Practice Standards and your state or territory's child protection legislation.

What is the NDIS Commission looking for in an incident management policy for early childhood providers?

Auditors want to see a policy that defines reportable incident categories (consistent with the NDIS (Incident Management and Reportable Incidents) Rules), specifies internal response steps, sets the timeframes for reporting to the Commission, and demonstrates a culture of learning. Workers must be able to describe the process without referring to the document — if they cannot, that is a non-conformance.

Are there specific restrictive practice rules for early childhood NDIS providers?

Yes. The NDIS Commission's Regulated Restrictive Practices rules apply to all registered providers, including early childhood services. Any regulated restrictive practice must be authorised under the relevant state or territory law, documented in the participant's behaviour support plan, reported to the Commission, and subject to ongoing monitoring and reduction planning. Early childhood providers must also be alert to practices that may not be recognised as restrictive but meet the regulatory definition.

How often should an early childhood NDIS provider review its policies?

There is no single prescribed frequency in the Practice Standards, but the expectation is that policies are kept current. Annual review is the accepted minimum for most policies. High-risk areas such as child safety, incident management, and restrictive practices warrant more frequent review — or an immediate review after a significant incident, a legislative change, or a Commission audit finding.

Does the NDIS Worker Screening Check apply to all staff in an early childhood provider?

The NDIS Worker Screening Check is mandatory for workers in risk-assessed roles, which includes anyone who delivers NDIS supports directly to participants or has more than incidental contact with participants. For early childhood providers, this effectively covers most direct support and therapy staff. Workers must hold a current check before commencing in a risk-assessed role; providers must verify and keep records of those checks.

What happens if an early childhood provider fails an NDIS Commission audit?

The Commission can impose conditions on registration, require a corrective action plan within a specified timeframe, conduct a follow-up audit, issue compliance notices, or in serious cases suspend or revoke registration. Non-conformances that put children at risk — such as absent child safety policies or unscreened workers — are treated with the highest severity. Providers are expected to address findings before their next audit cycle and should document all corrective actions taken.

NDIS early childhood provider: policies and procedures you need (2026)

Why policies and procedures matter more than ever in 2026

The NDIS Commission's strengthened Practice Standards, which took effect progressively from late 2024 and consolidate requirements heading into 2026, have raised the bar for all registered providers — including those delivering early childhood supports. Auditors are no longer satisfied with a folder of generic documents. They look for policies that are tailored to your service context, understood by your workers, and visibly driving practice on the ground.

For early childhood providers, this matters especially because the participant cohort — children under seven and their families — is inherently vulnerable. The Commission's regulatory approach reflects that sensitivity, and non-conformances in this space carry serious consequences including conditions on registration, enforceable undertakings, or banning orders.

Which NDIS Practice Standards apply to early childhood providers?

Registered providers delivering early childhood supports must comply with the NDIS Practice Standards relevant to the registration groups they hold. The core module applies to all registered providers. Depending on the specific supports delivered, providers may also need to comply with supplementary modules such as:

The Support Provision Environment module if supports are delivered in a premises controlled by the provider
The Early Childhood Supports module, which addresses family-centred practice, natural environments, and developmental outcomes
The High Intensity Daily Personal Activities module if any clinical or complex supports are involved

Each module carries specific quality indicators that your policies must address. Review your registration groups carefully and map each module's requirements to a corresponding policy or procedure.

Core policies every early childhood provider must have

The following policy areas are non-negotiable for registered early childhood NDIS providers. Each must be a live, dated document with a defined review cycle.

1. Governance and risk management

Your governance policy must describe how your organisation makes decisions, manages conflicts of interest, and ensures financial and operational accountability. It should include a risk register or reference one, and outline how risks specific to early childhood supports — such as supervision ratios, safe transport, and environmental hazards — are identified and controlled.

2. Participant rights and dignity

Every registered provider must uphold the rights set out in the NDIS Code of Conduct and the Practice Standards. For early childhood providers, this means a policy that specifically addresses how you respect the rights of children who cannot self-advocate, how you involve families as partners, and how you prevent any form of abuse, neglect, or exploitation. The policy must reference the National Principles for Child Safe Organisations.

3. Child safety and safeguarding

This is arguably the most scrutinised policy area for early childhood providers. You need a standalone child safety policy (or a clearly demarcated section of a broader safeguarding policy) that covers:

Mandatory reporting obligations under your state or territory's child protection legislation
Worker screening requirements — all workers in child-related roles must hold a current NDIS Worker Screening Check
Safe recruitment practices, including reference checks and suitability assessments
Code of conduct for staff interactions with children
Procedures for responding to concerns or disclosures

4. Incident management

The NDIS Commission requires all registered providers to have a written incident management system. Your policy must define what constitutes a reportable incident (the Commission's rules specify categories including death, serious injury, abuse, and neglect), set internal response timeframes, and establish how incidents are reported to the NDIS Commission within the required lodgement windows. For early childhood providers, near-miss reporting and a culture of learning from incidents should also be addressed.

5. Complaints management

Participants and their families must be able to raise concerns without fear of reprisal. Your complaints policy must explain how complaints are received (including from children who may communicate non-verbally), how they are investigated, how outcomes are communicated, and how systemic issues identified through complaints feed back into service improvement. Families must be told they can also complain directly to the NDIS Commission.

6. Restrictive practices

Any use of a regulated restrictive practice — including physical, chemical, mechanical, environmental, or seclusion-based restrictions — requires a specific policy aligned to the Commission's Regulated Restrictive Practices rules and your state or territory's authorisation requirements. For early childhood providers, even seemingly minor environmental restrictions (such as locking a room) can constitute a regulated practice. Your policy must prohibit unauthorised use and specify the authorisation, reporting, and monitoring obligations.

7. Worker training and competency

You must be able to demonstrate that workers hold the skills and knowledge to deliver early childhood supports safely. Your policy should specify minimum qualifications or training requirements for different roles, include mandatory induction content (NDIS Code of Conduct, child safety, incident reporting, manual handling where relevant), and set a schedule for ongoing professional development.

8. Privacy and information management

Early childhood providers collect sensitive information about children and families. Your privacy policy must align with the Privacy Act 1988 (Cth) and explain how personal information is collected, stored, accessed, and disclosed. Given that information about children requires heightened protection, address parental consent, access requests, and retention and destruction of records.

9. Continuity of supports

Your policy must address how you maintain continuity of supports when a worker is unavailable, when a service location closes, or in an emergency. For early childhood supports, unplanned disruptions can have a significant developmental impact, so your contingency planning should be specific and realistic.

Step-by-step: building your policy suite

Map your registration groups to the relevant Practice Standards modules and identify every quality indicator that applies to your organisation.
Audit what you already have. List existing documents, their version dates, and the last review date. Identify gaps.
Draft or update each policy to be specific to early childhood supports — avoid generic templates that could apply to any provider type.
Consult workers and families during development where practical. Auditors look for evidence that documents reflect real practice, not aspirational statements written solely for compliance.
Set a review schedule. Annual review is the minimum; some high-risk policies (child safety, incident management) warrant six-monthly review or review after a significant incident.
Train your team. Every policy must be communicated to relevant workers. Keep records of who was trained and when.
Document your document control. Version numbers, approval dates, and the name of the approving officer must appear on each policy.

What auditors look for — common non-conformances

Area	Common non-conformance
Child safety	Policy exists but does not reference state child protection legislation or mandatory reporting thresholds
Incident management	Workers cannot describe what constitutes a reportable incident or the timeframe for reporting to the Commission
Restrictive practices	No policy in place, or policy does not address the authorisation process under state law
Worker screening	Verification records not maintained or checks not renewed before expiry
Complaints	Families not informed of their right to complain to the NDIS Commission
Document control	Policies undated, unsigned, or last reviewed more than two years ago

A note on the 2026 strengthened framework

The NDIS Commission's strengthened Practice Standards introduced more explicit expectations around provider governance, worker competency verification, and continuous improvement systems. Early childhood providers should pay particular attention to the requirement for a documented quality management approach — this means tracking outcomes, acting on audit findings, and being able to show an auditor a cycle of improvement, not just a set of compliant documents.

If you are building your policy suite from scratch or undertaking a full review ahead of re-registration, the 74-document audit-ready compliance kit available at ndiscompliant.com.au covers the full range of policies, procedures, and supporting forms required across NDIS registration groups, including early childhood supports — it can significantly reduce the time and risk of manual drafting.

Key takeaways

Early childhood NDIS providers must hold policies across governance, child safety, incident management, complaints, restrictive practices, privacy, worker competency, and continuity of supports.
Policies must be specific to your service context, actively used, and regularly reviewed.
The 2026 strengthened framework increases scrutiny on governance and continuous improvement — not just document existence.
Worker screening, mandatory reporting obligations, and the NDIS Code of Conduct must be embedded in your child safety and HR policies.
Auditors test whether workers understand and apply your policies — training records are evidence.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.