What documents does an NDIS auditor ask for during a SIL certification audit?

Auditors typically request policies, participant support plans, risk assessments, incident registers, worker screening clearance records, training logs, complaints registers, behaviour support plans, and restrictive-practices reports. They match each document to the relevant NDIS Practice Standard module and check that it is current, signed, and reflects actual practice.

How long should NDIS providers retain documents and evidence?

The NDIS Practice Standards do not prescribe a single universal retention period, but providers are generally expected to retain records for at least seven years (consistent with general legal and tax obligations in Australia) and for the duration of a participant's service and beyond. Check your state or territory legislation for any additional requirements.

What is a reportable incident under the NDIS and how quickly must it be notified?

Reportable incidents include unexpected death, serious injury, abuse or neglect, and unlawful use of restrictive practices. Priority 1 reportable incidents must be notified to the NDIS Commission within 24 hours of the provider becoming aware. A full written report follows within a specified number of days depending on the incident type.

Does every worker need an NDIS Worker Screening clearance?

Workers in risk-assessed roles — those who deliver direct supports to NDIS participants or have more than incidental contact — must hold a valid NDIS Worker Screening clearance before commencing that role. The clearance is nationally portable and sits in the NDIS Worker Screening Database.

What is the most common non-conformance found in SIL audits?

The most frequently cited non-conformances in SIL settings relate to restrictive-practices reporting (missed or late monthly reports to the Commission), outdated or unsigned participant support plans, and worker screening records that do not reconcile with employment start dates. An empty complaints register is also a consistent red flag for auditors.

How does the 2026 strengthened NDIS registration framework change audit requirements?

The strengthened framework places greater emphasis on demonstrating a genuine continuous improvement loop — that incidents, complaints, and internal audits lead to documented changes in practice. Providers can expect auditors to probe governance arrangements more deeply and to look for evidence of leadership oversight of the quality system, not just the existence of policies.

NDIS evidence and document list: a worked example

Why a worked example matters for SIL providers

When an approved quality auditor arrives for a certification audit, they are not simply reading your policies — they are tracing an evidence chain. Every claim in your quality management system must be backed by a dated, version-controlled document that a worker actually used. SIL providers who have never seen that chain in action often discover the gap only when a non-conformance is raised.

This article walks through a realistic NDIS evidence and document list structured around the NDIS Practice Standards, showing what each document is, which standard it satisfies, and what an auditor specifically looks for inside it.

The framework: what auditors are working from

Auditors appointed by the NDIS Commission apply the NDIS Practice Standards and the associated Quality Indicators. From 2026, the strengthened registration framework increases scrutiny particularly for higher-risk provider types, including SIL. The four core modules auditors assess against are:

Rights and Responsibilities
Governance and Operational Management
The Provision of Supports
The Support Provision Environment (for SIL)

Within those modules, every quality indicator is mapped to evidence. The list below uses that mapping as its spine.

Worked example: SIL provider evidence and document list

The table below is a realistic, filled-in example for a medium-sized SIL organisation operating across several residential sites. Adapt it to your own context — document names, version numbers, and review cycles are illustrative.

Document / Evidence Item	Practice Standard Module	What the Auditor Checks	Common Non-Conformance
Participant Rights and Responsibilities Statement (v3.1, reviewed Jan 2026)	Rights and Responsibilities	Is it written in plain English? Has the participant (or their representative) signed it? Is there an Easy Read version?	Statement exists but participant signature is missing or undated.
Individualised Support Plan — e.g., "Support Plan — Alex T., effective 01 Mar 2026"	Provision of Supports	Does it reflect the participant's current NDIS plan goals? Is it signed by the participant and reviewed at least annually?	Plan is over 12 months old or goals do not align with current NDIS funding categories.
Risk Assessment and Management Plan (site-specific, dated)	Support Provision Environment	Has the environment been assessed for fire evacuation, manual handling, and hazardous substances? Are control measures documented?	Generic template used; site-specific hazards not identified.
Behaviour Support Plan (BSP) + Restrictive Practices Register	Provision of Supports — Behaviour Support	Is the BSP authored by an NDIS-registered Behaviour Support Practitioner? Are all regulated restrictive practices (RRPs) authorised under state/territory law and reported to the Commission monthly?	RRP monthly reports not submitted, or BSP not updated after a significant incident.
Incident Register (rolling 12 months, categorised by severity)	Governance and Operational Management	Are reportable incidents notified to the Commission within the required timeframes? Is there a root-cause analysis for serious incidents?	Incidents recorded in a paper log but not transferred to the Commission's portal within 24 hours (for Priority 1 incidents).
Complaints Register + Complaints Policy (v2.0)	Rights and Responsibilities	Are participants informed of their right to complain to the NDIS Commission? Is each complaint acknowledged, investigated, and closed with a documented outcome?	Complaints policy exists but register is empty — auditors treat an empty register as a sign the system is not being used, not that complaints don't arise.
NDIS Worker Screening Clearance Register (all support workers, volunteers)	Governance and Operational Management	Does every worker in a risk-assessed role hold a valid NDIS Worker Screening clearance? Is the expiry date tracked?	Expired clearances or gap between engagement start date and clearance issue date.
Training and Competency Records (per worker, per year)	Governance and Operational Management	Have workers completed mandatory training (NDIS orientation, Code of Conduct, restrictive-practice awareness, first aid)? Is completion evidenced by certificate or LMS log?	Training listed in induction checklist but no completion certificates retained.
Code of Conduct Acknowledgement (signed by each worker)	Rights and Responsibilities	Has every worker, contractor, and volunteer signed an acknowledgement that they have read and understood the NDIS Code of Conduct?	Bulk upload to HR system with no individual signature dates.
Quality Management Policy + Internal Audit Schedule	Governance and Operational Management	Is there a documented quality cycle? Have internal audits been conducted and outcomes actioned?	Internal audit template exists but no completed audits on file — the schedule was never activated.
Emergency and Disaster Management Plan (site-specific)	Support Provision Environment	Are evacuation routes mapped? Are practice drills recorded? Does the plan account for participants with mobility or communication needs?	Plan references the building's generic fire-warden procedure but does not include participant-specific evacuation support requirements.
Participant Service Agreement (signed, dated, plain English)	Provision of Supports	Does it specify services, pricing (aligned to the NDIS Price Guide), cancellation terms, and the participant's rights?	Agreement references a superseded Price Guide version or omits cancellation notice requirements.

Step-by-step: building your evidence folder before an audit

Map your documents to Practice Standard modules. Use the NDIS Commission's Quality Indicators as your checklist. Every indicator that applies to SIL needs at least one evidence item behind it.
Conduct a document currency check. Flag any policy last reviewed more than 12 months ago. Auditors note version dates and ask workers whether they know the current version.
Verify signatures and acknowledgements. Unsigned documents are one of the most common non-conformances. Walk through every item that requires a participant or worker signature.
Reconcile your incident register against Commission portal submissions. Pull the last 12 months of incidents. Every Priority 1 reportable incident must have a corresponding Commission notification. Any gap is a finding.
Check restrictive-practices reporting currency. If your participants have authorised RRPs, confirm that monthly reports are filed and that each RRP is still within its authorisation period.
Cross-reference worker screening clearances against employment dates. No worker should have commenced in a risk-assessed role before their clearance was issued.
Create a master document register. A single spreadsheet listing every document, its version, review date, owner, and storage location is itself evidence of a functioning quality system.

Example: filled-in document register excerpt

Below is a sample row from a master document register. This format gives auditors confidence that your system is actively managed, not just assembled for the audit occasion.

Document Name	Version	Last Reviewed	Next Review Due	Owner	Storage Location
Restrictive Practices Policy	4.2	March 2026	March 2027	Quality Manager	SharePoint / Quality Folder / Policies
Incident Reporting Procedure	3.0	January 2026	January 2027	Operations Manager	SharePoint / Quality Folder / Procedures
Worker Screening Register	Live spreadsheet	Updated weekly	Ongoing	People and Culture	HR System / Clearance Tracker

What strengthened registration changes for 2026

Under the strengthened NDIS registration framework taking effect from 2026, SIL providers face more detailed verification of governance arrangements and a higher bar on evidence of continuous improvement. In practical terms, this means auditors will look not just for policies but for proof that your organisation reviews, acts on, and improves based on those policies. A complaints register with entries and documented resolutions is stronger evidence than a perfectly written complaints policy with an empty register.

Providers registering or renewing registration under the new framework should expect auditors to probe the link between incidents, complaints, internal audits, and changes to practice — the so-called improvement loop.

Pulling it all together

The difference between a clean audit and a non-conformance is almost always documentation discipline rather than a failure of actual practice. Good SIL providers often do the right thing by participants but have not captured the evidence trail that proves it.

If you are building your document library from scratch or refreshing it ahead of a 2026 registration renewal, the 74-document audit-ready SIL compliance kit at ndiscompliant.com.au provides pre-mapped templates aligned to the current Practice Standards — a practical starting point rather than a blank page.

Whichever approach you take, the principle is the same: every quality indicator needs a document, every document needs a date and a version, and every document needs evidence it was actually used.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.