What is the difference between a verification audit and a certification audit for NDIS providers?

A verification audit is a desktop review of documents and policies, used for lower-risk registration groups. A certification audit is a full on-site assessment of your entire quality management system, including interviews with workers and participants, and is required for higher-risk supports such as SIL and high-intensity daily activities.

How long must NDIS providers retain records?

The NDIS Practice Standards do not specify a single universal retention period. Providers must follow applicable state and territory legislation, which commonly requires records relating to people with disability to be kept for a minimum of seven years, or longer where the participant was a child during the period of support.

What happens if an auditor finds a document is missing or out of date?

The auditor will record a non-conformance finding. Minor non-conformances require a corrective action plan. Major non-conformances can result in conditions on your registration or referral to the NDIS Commission for regulatory action, which may include suspension or cancellation of registration.

Do all workers in a SIL house need an NDIS Worker Screening Check?

Yes. Any worker who is likely to have more than incidental contact with NDIS participants — which describes virtually all direct support workers in a SIL setting — must hold a current NDIS Worker Screening Check clearance before they commence work with participants.

Is a behaviour support plan required even if the restrictive practice is considered minor?

Under the NDIS (Restrictive Practices and Behaviour Support) Rules, a behaviour support plan prepared by a registered behaviour support practitioner is required before any regulated restrictive practice can be used. What counts as a regulated restrictive practice depends on the relevant state or territory authorisation framework.

Can a SIL provider use a generic policy template to meet the Practice Standards?

Generic templates can provide a starting point but must be contextualised to your specific service model, participant cohort, and operational procedures. Auditors assess whether policies reflect actual practice — a generic template that does not match how your organisation operates will generate non-conformance findings.

NDIS evidence and document list (2026)

Why your document list matters more than ever in 2026

The NDIS Commission's strengthened Practice Standards, which apply to all registered providers subject to the 2026 registration renewal cycle, place a heavier emphasis on documented evidence rather than self-declared intent. An approved quality auditor does not simply review your policies — they cross-reference those policies against actual records, worker files, participant support plans, and incident registers to determine whether your organisation genuinely operates as described.

For Supported Independent Living (SIL) providers in particular, the audit scope is among the most comprehensive in the scheme. SIL sits within the high-intensity supports registration group, meaning providers are subject to a full certification audit rather than a verification audit. That distinction matters: certification auditors assess your entire quality management system, not just a checklist of policies.

The document list below is organised by the major Practice Standards modules most relevant to SIL and accommodation-based support. Use it as a working checklist to identify gaps before your audit window opens.

Core governance and organisational records

Every registered provider must be able to demonstrate sound governance. Auditors typically request:

Current registration certificate and scope of supports
Organisational chart showing governance structure and accountable persons
Board or committee meeting minutes evidencing oversight of quality and safety
Conflict of interest register
Insurance certificates (public liability and professional indemnity at minimum)
Financial statements or evidence of financial viability appropriate to your organisation's size
Business continuity and emergency management plan, with evidence of review

Worker screening and human resources records

The NDIS Worker Screening Check is mandatory for all workers who are likely to have more than incidental contact with people with disability. For SIL providers, this covers virtually all direct support workers. Your HR documentation must include:

NDIS Worker Screening Check clearance for every in-scope worker, with expiry dates tracked
Working With Children Check (where state legislation requires it in addition)
Evidence of identity verification conducted before engagement
Signed employment contracts or service agreements that reference the NDIS Code of Conduct obligations
Signed Code of Conduct acknowledgements from all workers and contractors
Position descriptions that reflect the actual duties performed
Induction records and competency assessments, including for manual handling, medication management, and restrictive practice (where relevant)
Ongoing training records covering mandatory topics such as abuse and neglect recognition, reportable incidents, and the rights of people with disability
Supervision and performance review records

Participant support records

This is the area where many SIL providers have documentation gaps. Auditors expect to see a complete and contemporaneous record for each participant, including:

Signed service agreements referencing the NDIS Price Guide and support catalogue
Current NDIS plan (or confirmation of plan details where a full copy is not held)
Individual support plan or person-centred plan, reviewed at the frequency specified in your policy
Risk assessments specific to each participant's support needs and living environment
Health care plans, medication administration records, and clinical protocols where applicable
Evidence of participant consent (or consent from a legal decision-maker) for all significant decisions
Communication of participant rights, including how complaints can be made
Progress and shift notes that link directly to planned goals
Evidence of goal review meetings and participant or family involvement in those reviews

Incident management evidence

The NDIS (Incident Management and Reportable Incidents) Rules set specific obligations for all registered providers. Your incident documentation must demonstrate a closed-loop system:

Incident register — all incidents logged, not only those meeting the reportable threshold
Reportable incident notifications — initial notifications to the NDIS Commission submitted within the required timeframes, and follow-up reports completed and acknowledged
Investigation records — documented root-cause analysis and action plans for serious incidents
Corrective action evidence — proof that actions were taken and their effectiveness was reviewed
Trend analysis — evidence that management or governance regularly reviews incident data to identify patterns

Auditors commonly find non-conformances where providers notify the Commission of incidents but have no evidence of internal investigation or corrective action being completed and closed out.

Complaints management records

Your complaints system must be accessible and clearly communicated to participants. Evidence auditors look for includes:

Complaints policy and procedure, with current review date
Complaints register, including complaints not yet resolved
Records of how each complaint was acknowledged and resolved, including timeframes
Evidence that complainants were informed of external avenues such as the NDIS Commission
Management or governance review of complaints data at regular intervals

Restrictive practices documentation

For SIL providers, restrictive practices documentation is a high-risk area. The use of any regulated restrictive practice requires prior authorisation under the relevant state or territory framework, and the NDIS Commission must be notified. Your records must include:

Behaviour support plans prepared by a registered behaviour support practitioner for each participant where regulated restrictive practices are used
State or territory authorisation documents for each restrictive practice
Restrictive practice data reported to the NDIS Commission at the required frequency
Worker training records in the specific restrictive practice type being used
Evidence that the practice is being reviewed with a view to reduction and elimination

Quality management system records

Certification audits assess your quality management system as a whole. Beyond individual registers, auditors expect to see:

Document	What auditors check
Policy and procedure suite	Version control, review dates, owner identified, aligned to current Practice Standards
Internal audit records	Scheduled audits conducted, findings actioned, corrective actions verified
Management review minutes	Regular review of quality system performance with evidence of decisions made
Continuous improvement register	Improvements identified, owner assigned, status tracked to completion
Feedback records	Participant, family, and worker feedback captured and reviewed

A practical approach to closing gaps before your audit

The most common non-conformance finding is not the absence of a policy — it is the absence of evidence that the policy is actually being followed. Before your audit window opens, conduct an evidence-collection exercise rather than a policy review. Pull a sample of worker files and participant files and check whether every required document is present, current, and correctly completed.

Specifically:

Map every requirement in the applicable Practice Standards modules to a specific document type
Identify who is responsible for generating and maintaining each document
Set review cycles for time-sensitive documents such as support plans, risk assessments, and worker screening clearances
Create a centralised index so that auditors can be directed to evidence quickly during the on-site audit
Conduct a mock audit using the approved quality auditor's scope of audit document as your guide

If your organisation needs a structured starting point, ndiscompliant.com.au offers a 74-document audit-ready SIL compliance kit that maps directly to the strengthened Practice Standards modules — a practical shortcut for providers who want to move from gap analysis to implementation without building every template from scratch.

Key takeaway

The 2026 NDIS registration landscape rewards providers who treat documentation as a live operational system, not an audit-season exercise. Build your evidence trail continuously, review it regularly, and ensure your workers understand that every entry in a progress note, incident record, or restrictive practice report is a piece of compliance evidence that may be reviewed by an auditor or the NDIS Commission at any time.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.