What is an NDIS governance framework and why do I need one as a new provider?

An NDIS governance framework is the set of structures, policies, accountability lines, and systems that ensure your organisation delivers safe, consistent, and compliant supports. The NDIS Commission assesses governance at your certification audit — without a functioning framework, you risk registration conditions, delays, or refusal.

Which NDIS Practice Standards apply to SIL providers?

SIL providers must meet the Core Module of the NDIS Practice Standards plus the Specialist Supports module, which includes standards specific to supported independent living. If workers deliver high-intensity daily personal activities, the High Intensity Daily Personal Activities module also applies. Check the Commission's provider registration guidelines for the current module mapping.

Do all workers in a SIL house need an NDIS Worker Screening Check?

Yes. All workers engaged in risk-assessed roles — which includes direct support workers in SIL settings — must hold a valid NDIS Worker Screening Check or an accepted state/territory equivalent before they commence work with participants. Providers must verify and record each worker's clearance status.

How quickly must a SIL provider notify the NDIS Commission of a reportable incident?

Under the NDIS (Incident Management and Reportable Incidents) Rules, providers must submit an initial notification for a reportable incident within the timeframe prescribed in the rules (which varies by incident type). A follow-up report with full details is then required within a subsequent period. Consult the Commission's website for the current prescribed timeframes, as these are set in the delegated rules rather than the Act itself.

Can a sole trader become a registered NDIS SIL provider?

Yes, sole traders can apply for NDIS registration. However, you must still meet all governance requirements, including having documented policies, a complaints and incident system, and passing a certification audit. The governance framework must demonstrate how a sole trader structure manages accountability and continuity of support, which auditors will scrutinise carefully.

What is the difference between a verification audit and a certification audit for new NDIS providers?

A certification audit is a comprehensive, two-stage audit process required for providers delivering higher-risk supports, including SIL. It involves a desktop review of your governance documents followed by an on-site assessment. A verification audit is a lighter-touch, document-based review for providers delivering lower-risk supports. The Commission determines which type applies based on your registration groups.

NDIS Governance Framework Checklist for New Providers (2026)

Why Governance Is the Foundation of NDIS Registration

When the NDIS Quality and Safeguards Commission assesses a new provider, it is not only checking whether you can deliver a support — it is checking whether your organisation has the structures, accountability lines, and processes to keep delivering that support safely over time. That organisational scaffolding is what the Commission calls governance.

Under the strengthened NDIS Practice Standards that came into effect progressively from 2024 and continue to be reinforced through 2026 mandatory registration requirements, governance is no longer a background administrative matter. It is a core registration condition. Providers who cannot demonstrate sound governance at audit will receive conditions on their registration, or face refusal.

This checklist covers every major governance element the Commission expects to see for new providers seeking registration, with particular emphasis on SIL and other higher-risk supports where scrutiny is greatest.

1. Legal and Organisational Structure

Confirm the legal entity applying for registration — company, incorporated association, sole trader, or other structure — and hold documentation of that entity's establishment (ASIC registration, incorporation certificate, ABN, ACN).
Document who holds ultimate responsibility for the NDIS registration: the person responsible is a formal role under the NDIS Act, distinct from day-to-day management.
Prepare an organisational chart that maps the governing body (board or equivalent), executive management, and operational staffing layers. Auditors will check that accountability lines are clear.
If your organisation is a franchise or a subsidiary of a larger corporate group, document the relationship clearly and confirm which entity holds the registration and bears the compliance obligations.

2. Policy and Procedure Suite

Your policies must be mapped directly to the NDIS Practice Standards modules that apply to your registration groups. For SIL providers, the relevant modules include Core Module standards plus the High Intensity Daily Personal Activities and SIL-specific standards.

Policies must be current, accessible to staff, and reviewed on a regular cycle (most providers set an annual or biennial review schedule).
Each policy should reference the specific Practice Standard or Code of Conduct obligation it addresses.
Required policy areas for most registrations include: rights and responsibilities, privacy and confidentiality, complaints management, incident management, risk management, restrictive practices (if applicable), emergency and continuity planning, and worker conduct.
Policies must be written at a reading level accessible to the staff who use them, and translated or adapted where your workforce requires it.

3. NDIS Code of Conduct Compliance

The NDIS Code of Conduct applies to all registered providers and all workers they engage. Your governance framework must demonstrate that the Code is embedded in operations, not merely acknowledged on paper.

Provide all workers with Code of Conduct training before they commence supporting participants. Retain evidence of completion.
Include Code of Conduct obligations in employment contracts and service agreements with subcontractors.
Establish a process for responding to alleged Code of Conduct breaches, including how you would conduct an internal investigation and when you would report to the Commission.
Ensure your complaints system captures potential Code breaches and routes them to the appropriate decision-maker.

4. Worker Screening and Human Resources

All workers in risk-assessed roles must hold a current NDIS Worker Screening Check (or an accepted equivalent in your state or territory). Maintain a register with expiry dates.
Document your process for verifying screening status before a worker commences and at each renewal.
Maintain evidence of qualifications, induction, mandatory training (including NDIS orientation, abuse prevention, and first aid where required), and ongoing professional development for each worker.
For SIL specifically, document how you assess the skills, experience, and compatibility of support workers before placing them with participants in shared-living arrangements.

5. Incident Management System

The NDIS Commission's incident management requirements are among the most closely scrutinised at audit. Your system must meet the NDIS (Incident Management and Reportable Incidents) Rules.

Governance Element	What Auditors Check
Incident register	All incidents recorded, including near-misses; entries include date, description, participants involved, and actions taken.
Reportable incident identification	Staff know which incidents are reportable to the Commission and can identify them reliably.
Notification timeframes	Initial notifications for serious incidents submitted within the required timeframe; follow-up reports completed within the required period.
Root cause analysis	Evidence that incidents are analysed for systemic causes and that learnings are fed back into practice changes.
Participant notification	Participants and their support networks are notified of incidents affecting them, consistent with their communication preferences.

6. Complaints Management

Publish a complaints procedure that is accessible to participants, their families, and advocates — including how to escalate to the NDIS Commission if they are not satisfied with your response.
Assign a named complaints manager or role. This does not need to be a full-time position, but accountability must be clear.
Maintain a complaints register with dates, nature of complaint, actions taken, and resolution.
Review complaints data regularly at a governance level (board or executive) to identify patterns and drive improvement.
Ensure complaints can be made anonymously and that your process does not create barriers for participants who may have communication or capacity considerations.

7. Restrictive Practices (SIL and Behaviour Support)

If any participants in your care have behaviour support plans that involve regulated restrictive practices, your governance framework must include:

Evidence of authorisation under the relevant state or territory law before any restrictive practice is used.
A behaviour support practitioner engaged and named for each participant with a plan.
Reporting of use of regulated restrictive practices to the NDIS Commission via the correct module in the Commission portal.
Staff training records specific to the restrictive practices used (e.g., physical restraint, environmental restraint).
A reduction plan with measurable goals — the Commission expects to see that the aim is always to reduce and eliminate the use of restrictive practices over time.

8. Risk Management Framework

A risk register at the organisational level, reviewed at least annually and updated when material changes occur.
Risk assessments for individual participants that inform their support plans and staff briefings.
A business continuity plan covering scenarios such as loss of key staff, IT failure, pandemic, or natural disaster.
Financial viability documentation — the Commission assesses whether you have the financial resources to operate without compromising participant safety.

9. Quality Improvement System

Governance is not a static compliance exercise. The Commission expects providers to demonstrate a genuine continuous improvement cycle — sometimes called a PDCA (Plan-Do-Check-Act) cycle.

Maintain a quality improvement register that captures feedback from participants, families, staff, and audits, and tracks actions to completion.
Conduct an internal self-assessment against the Practice Standards before your initial audit. Identify gaps and address them with documented corrective actions.
Schedule management review meetings at the governance level to consider quality data — participant feedback, incident trends, complaint patterns, and audit findings.

10. Audit Readiness

New providers registering for the first time undergo a certification audit conducted by an NDIS Commission-approved quality auditor. Mid-registration, a verification or surveillance audit may follow. To be audit-ready:

Compile all governance documents into a single accessible location (shared drive, document management system, or physical folder).
Ensure version control is evident — every policy shows a version number, review date, and authorising signatory.
Brief your governing body and key staff on the audit process so that interviews and observations go smoothly.
Review the Commission's published audit evidence guides for the registration groups you are applying for — these tell you exactly what an auditor will ask to see.

Providers preparing a full SIL registration often find the document volume significant. The ndiscompliant.com.au 74-document audit-ready SIL compliance kit is designed to address exactly this burden — providing pre-built, Commission-aligned policies and templates that new providers can adapt and submit, reducing the time from registration intent to audit-ready status.

Summary Checklist at a Glance

Legal entity documents and organisational chart confirmed
Policy suite mapped to applicable Practice Standards modules
NDIS Code of Conduct training delivered and evidenced for all workers
NDIS Worker Screening Checks register maintained with expiry tracking
Incident management system operational with reportable incident identification and notification process
Complaints procedure published, accessible, and actioned with a register
Restrictive practices governance in place (if applicable)
Organisational risk register and participant risk assessments current
Quality improvement register active with evidence of learnings acted on
All documents version-controlled and audit-ready in a central location

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.