Why group and centre-based providers face a higher policy burden in 2026
If you deliver group and centre-based activities — day programs, community access groups, recreational centres, or any shared-setting NDIS service — you are delivering a service type that the NDIS Commission consistently identifies as higher risk. Multiple participants attend simultaneously, power imbalances are magnified in group settings, and safeguarding failures can affect several people at once.
The Strengthened NDIS Practice Standards, which came into effect progressively from 2024 and reach full mandatory application in 2026, increase documentation requirements for all registered providers. For group and centre-based providers, this means a larger and more specific policy suite than many organisations currently hold.
This guide walks through every policy and procedure area an approved quality auditor will examine, what each document must contain, and how to structure your policy framework before your next audit or registration renewal.
The core Practice Standards that govern your service type
Group and centre-based activity is a support category under the NDIS registration groups. Providers in this category are assessed against the NDIS Practice Standards published by the NDIS Quality and Safeguards Commission. The applicable modules for most group and centre-based providers include:
- Core module — applies to every registered NDIS provider
- Module 2A (Support provision environment) — directly governs centre-based settings
- Behaviour support module — mandatory if any participant has a behaviour support plan or if restrictive practices are used
- High intensity daily personal activities module — where applicable to specific participants
The 2026 Strengthened Practice Standards reorganise and sharpen the outcomes and indicators within these modules. Where previous standards accepted broad policy statements, the strengthened framework expects evidence of implementation, worker competency verification, and continuous improvement cycles.
The mandatory policy and procedure areas — what auditors check
1. Participant rights and person-centred practice
Every provider must have a documented policy that affirms participant rights under the National Disability Insurance Scheme Act 2013 and the NDIS Code of Conduct. For group settings, this policy must specifically address how rights are upheld when individuals are in a shared environment — including the right to privacy, freedom of movement, and freedom from abuse and exploitation.
Your procedure must describe how workers explain rights to participants on commencement, how rights information is made accessible (Easy Read, Auslan, translated formats), and how the organisation responds when a participant's rights conflict with a group safety requirement.
2. Incident management
The NDIS Commission's incident management rules require all registered providers to have a written incident management system. For group and centre-based providers, the procedure must address:
- How incidents are identified and recorded at point of occurrence
- Immediate response steps, including participant safety and notification of families or carers
- Mandatory NDIS Commission notification for reportable incidents (which include abuse, neglect, unlawful sexual or physical contact, and unexpected death)
- Root cause analysis and corrective action processes
- Record retention in line with Commission guidance
Auditors will look for evidence that staff can describe the incident procedure from memory, that recent incidents were recorded and closed out in the system, and that reportable incidents were notified to the Commission within required timeframes.
3. Complaints management
A written complaints policy and procedure is non-negotiable. The NDIS Commission prescribes that participants must be told how to complain, including how to escalate to the Commission itself. In a group setting, the procedure must address how a complaint from one participant about another (or about a staff member) is handled without disadvantaging either party.
Your policy must include a documented complaints register, timeframes for acknowledgement and resolution, and a process for participants who need support to make a complaint (including through an advocate).
4. Restrictive practices
If any restrictive practice — environmental restraint, mechanical restraint, chemical restraint, seclusion, or physical restraint — is ever used in your centre, you must have a comprehensive restrictive practices policy. This is one of the most scrutinised areas at audit.
The policy must confirm that restrictive practices are only used as a last resort, only with appropriate authorisation (via a behaviour support plan approved by a behaviour support practitioner and, where required, relevant state or territory authorisation), and that every use is recorded and reported to the NDIS Commission monthly.
Under the 2026 Strengthened Standards, providers are expected to demonstrate active work toward reduction and elimination of restrictive practices, not merely compliance with current authorisations.
5. Worker screening and human resources
All workers in risk-assessed roles at group and centre-based services must hold a current NDIS Worker Screening Check. Your HR policy must describe how the organisation verifies screening before workers commence, maintains a register of check expiry dates, and manages the situation if a check is suspended or cancelled.
The 2026 framework also places greater emphasis on ongoing worker training records. Your policy should document minimum induction requirements, mandatory NDIS orientation module completion, and annual refreshers on topics including safeguarding, behaviour support, and the Code of Conduct.
6. Safeguarding and abuse prevention
A standalone safeguarding policy (sometimes called a child and vulnerable person protection policy) is required. Group settings present specific safeguarding risks because participants spend extended time together in a shared space, and some participants may be unable to self-report concerning interactions.
The policy must define prohibited conduct, reporting lines, how allegations against workers are managed (including stand-down procedures), and how the organisation creates a culture of speaking up. Auditors will review whether this policy has been communicated to all staff and volunteers, not merely filed.
7. Emergency and evacuation procedures
Centre-based providers must have site-specific emergency management plans. These are not generic templates — they must reflect the physical layout of your premises, the mobility and communication needs of participants who attend, and local emergency services contact information.
The procedure must include regular evacuation drills, records of those drills, and a process for reviewing the plan when participant cohorts change.
8. Continuity of supports
Under the NDIS Practice Standards Core module, providers must have a documented procedure for maintaining or transitioning supports if the organisation cannot deliver services — due to closure, natural disaster, or provider failure. For group programs that participants rely on as a structured daily support, this is a meaningful safeguarding obligation.
How to structure your policy suite for a group and centre-based audit
- Map your registration scope — list every support category you are registered for and identify which Practice Standards modules apply.
- Audit your existing documents — compare each policy against the relevant Practice Standards outcomes and indicators. Note gaps, outdated references to superseded legislation, and documents that exist but have not been reviewed or signed off within the last twelve months.
- Draft or update missing policies — prioritise incident management, complaints, restrictive practices, and worker screening first, as these are the most common areas of non-conformance identified by approved quality auditors.
- Create a policy register — a central document listing every policy, its version number, review date, and owner. Auditors look for this as evidence of governance.
- Embed procedures into operations — policies on paper are not sufficient. Train workers on each procedure, document that training, and test competency where required (for example, emergency evacuations and incident reporting).
- Schedule regular reviews — the Commission expects policies to be reviewed when legislation changes, after significant incidents, or at minimum annually. Record reviews in your policy register.
- Prepare evidence files — auditors assess implementation, not just documentation. Collect completed incident reports, complaints registers, training records, drill logs, and screening check registers as supporting evidence.
Common non-conformances in group and centre-based audits
| Non-conformance area | Typical finding | Corrective action |
|---|---|---|
| Incident management | Incidents recorded but reportable incidents not notified to the Commission within required timeframes | Build a triage checklist into the incident form; designate a responsible officer for Commission notifications |
| Restrictive practices | Environmental restraints (locked doors, restricted access areas) in use without documentation or authorisation | Engage a behaviour support practitioner; document all practices and obtain required authorisations |
| Worker screening | No register maintained; expired checks not identified | Implement a screening register with automated expiry alerts |
| Complaints procedure | Policy exists but participants unaware of how to complain or who to contact | Display complaints process in Easy Read format on-site; include in participant welcome pack |
| Emergency procedures | Generic plan not adapted to the site or the participant cohort | Conduct a site-specific review; update for individual participant needs; schedule quarterly drills |
A practical note on getting audit-ready efficiently
Building a full policy suite from scratch is a significant undertaking for any group and centre-based provider. The documentation requirements under the 2026 Strengthened Standards are more detailed than earlier versions, and the expectation that policies reflect actual practice — not aspirational statements — raises the bar further.
If you are working through a registration renewal or preparing for a certification audit, the 74-document audit-ready SIL compliance kit at ndiscompliant.com.au includes the core policy templates most commonly required by group and centre-based providers, pre-mapped to current Practice Standards outcomes and updated for the 2026 framework.
Whether you use a commercial kit, engage a compliance consultant, or build documents internally, the critical principle is the same: your policies must be live, known by your workers, and evidenced in practice before your auditor arrives.
Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.