What HR policies must a new NDIS provider have in place before registration?

At minimum, new providers need documented policies covering worker screening, the NDIS Code of Conduct, incident management, complaints management, worker training, and privacy. Providers delivering supports where restrictive practices may occur also need a dedicated restrictive practices policy. All policies must be mapped to the relevant NDIS Practice Standards modules.

Do volunteers and contractors need to comply with the NDIS Code of Conduct?

Yes. The NDIS Code of Conduct applies to all workers, which includes employees, contractors, volunteers, and labour-hire workers who deliver NDIS supports. Your HR policy must cover all categories and your induction process must capture sign-off from each group.

How long do providers have to complete an NDIS Worker Screening Check for new staff?

Workers in risk-assessed roles must hold a clearance before commencing work, or within any applicable transitional period set by the NDIS Commission or their state or territory. Providers must verify the clearance is current before deployment and maintain records. Do not rely on workers self-reporting their status — check the NDIS Worker Screening Database directly.

What are the timeframes for reporting incidents to the NDIS Commission?

Reportable incident timeframes vary by incident category under the NDIS (Incident Management and Reportable Incidents) Rules. The most serious incidents (such as death or serious injury of a participant) require notification to the Commission as soon as practicable after the provider becomes aware. Your incident management policy must specify the exact timeframes for each category rather than using a single generic deadline.

Do the strengthened 2026 NDIS Practice Standards change HR documentation requirements?

Yes. The strengthened standards place greater emphasis on provider governance and workforce capability. New providers registering from 2026 will need to demonstrate that HR policies are actively used to drive quality improvement, not merely held on file. Senior leaders must show accountability for the HR framework, and workforce data should feed into quality improvement processes.

How often must NDIS HR policies be reviewed?

The NDIS Practice Standards require providers to maintain and review their policies regularly. Best practice is an annual review cycle as a minimum, with triggered reviews after any significant incident, regulatory change, audit finding, or organisational restructure. Every policy should display its version number, approval date, and next scheduled review date.

NDIS Human Resources Policy Checklist for New Providers

Why HR Policies Are Non-Negotiable for New NDIS Providers

Before a new provider can be registered with the NDIS Commission, it must demonstrate that its human resources framework meets the requirements of the NDIS Practice Standards and the NDIS Code of Conduct. An approved quality auditor will examine your HR policies and procedures as a core part of the certification audit. Gaps in documentation are among the most common reasons registration is delayed or conditional approval is issued.

This checklist covers every HR policy domain you need to have in place, what each policy must address, and the common shortfalls auditors identify in new providers.

Core HR Policy Checklist

Work through each item below. For each policy, confirm it exists as a written document, has been approved by leadership, is accessible to all relevant workers, and has a scheduled review date.

1. Worker Screening and Recruitment

Policy requires NDIS Worker Screening Check for all workers in risk-assessed roles before they commence (or within the mandatory transitional period where applicable).
Process documented for verifying that a current clearance is in place and recorded on the NDIS Worker Screening Database.
Procedure for managing workers whose clearance is pending, expired, or revoked — including immediate stand-down obligations.
Reference to state or territory-specific Working with Children or Vulnerable Persons checks where required in addition to the NDIS check.
Recruitment criteria aligned to the NDIS Code of Conduct: candidates assessed for their capacity to treat participants with dignity and respect, act with integrity, and report concerns.

2. NDIS Code of Conduct

Written policy that formally adopts the seven obligations of the NDIS Code of Conduct as conduct standards for all workers and management.
Induction procedure that requires workers to read, understand, and sign an acknowledgement of the Code before unsupervised work with participants.
Documented consequences for Code of Conduct breaches, including a clear escalation path.
Policy covers contractors, volunteers, and labour-hire workers, not only direct employees.

3. Worker Training and Competency

Mandatory induction training list documented, including: Code of Conduct, mandatory reporting obligations, participant rights, privacy and confidentiality, and emergency procedures.
Role-specific competency requirements defined in position descriptions and matched to training records.
Process for verifying professional registrations where the role requires them (e.g. nurses, allied health professionals, behaviour support practitioners).
Annual or biennial refresher training schedule documented and tracked.
Records retention policy covering training certificates and completion logs.

4. Incident Management

Policy defines what constitutes a reportable incident under the NDIS (Incident Management and Reportable Incidents) Rules, including the categories of reportable incidents involving participants.
Reporting timeframes are correctly documented: immediate internal notification, and lodgement with the NDIS Commission within the mandatory timeframe depending on incident category.
Procedure for post-incident review and corrective action documentation.
Workers are trained and tested on their obligation to report — policy includes a no-blame internal reporting culture statement.
Records of incidents, investigations, and outcomes maintained in a register.

5. Complaints Management

Policy outlines how participants, families, carers, and advocates can make a complaint — verbally or in writing — and how complaints will be acknowledged and resolved.
Complaints register maintained with outcome and timeframe data.
Workers know they must not discourage, penalise, or disadvantage anyone for making a complaint.
Policy references the participant's right to contact the NDIS Commission directly at any time.
Designated complaints officer or role identified.

6. Restrictive Practices (Where Applicable)

If the provider delivers supports where regulated restrictive practices may be used, a specific policy must be in place covering: the requirement for authorisation under applicable state or territory law, the role of a behaviour support practitioner, and mandatory reporting to the NDIS Commission.
Policy explicitly prohibits prohibited practices (e.g. chemical, mechanical, or environmental restraint used outside lawful authorisation).
Workers who may encounter regulated restrictive practices receive targeted training.
If the provider does not and will not use restrictive practices, this should still be captured in a brief policy statement to confirm scope.

7. Performance Management and Conduct

Written performance management policy covering supervision frequency, performance review process, and management of underperformance.
Disciplinary procedure referenced that is consistent with applicable industrial instruments (awards, enterprise agreements, or Fair Work Act 2009 minimums).
Policy distinguishes between conduct issues (Code of Conduct breaches, misconduct, serious misconduct) and capability or performance issues, and specifies different response pathways.
Termination procedure includes obligation to notify the NDIS Commission where a worker is dismissed or resigned while under investigation for a matter involving a participant.

8. Workplace Health and Safety

WHS policy aligned to the applicable Work Health and Safety Act in your state or territory.
Specific risk controls documented for home and community settings where workers operate without on-site supervision.
Lone worker safety procedure in place.
Incident and injury reporting procedure integrated with the WHS management system.

9. Privacy and Confidentiality

Policy covers obligations under the Privacy Act 1988 (Cth) and the Australian Privacy Principles in relation to participant information.
Workers are trained on what information may be collected, how it is stored, who may access it, and under what circumstances it may be disclosed.
Data breach response procedure documented, including notification obligations under the Notifiable Data Breaches scheme where applicable.

10. Supervision and Support for Workers

Policy sets minimum supervision ratios or frequencies for new workers and workers in complex support roles.
Peer support and clinical supervision options documented where relevant (particularly for behaviour support, mental health, or SIL settings).
Debriefing and psychological safety procedures referenced, particularly following critical incidents.

Strengthened NDIS Practice Standards — Key HR Implications for 2026

The strengthened NDIS Practice Standards, which apply to registrations and re-registrations from 2026, place additional emphasis on provider governance, worker capability, and the lived experience of participants in assessing compliance. New providers should ensure their HR policies explicitly reference:

The Provider Governance and Operational Management module requirements, which include expectations around workforce planning and workforce development.
The requirement that senior leaders and nominated key personnel demonstrate understanding of and accountability for the HR framework, not merely that documents exist.
Quality improvement processes that use HR data (incident reports, complaints, training completion rates, turnover) to drive measurable service improvements.

Practical Steps to Audit-Ready HR Documentation

Map each policy to the relevant Practice Standard — include the module and quality indicator number in the policy header or document register so auditors can cross-reference easily.
Date and version-control every document — use a document register that captures the version number, approval date, approving officer, and next review date.
Evidence worker sign-off — induction acknowledgements, training completion records, and supervision logs must be retrievable on request during audit.
Test your policies against real scenarios — run a tabletop exercise with staff on a simulated incident or complaint to identify gaps before the auditor does.
Review after every significant incident or regulatory change — a triggered review policy prevents documents from becoming stale.

Common Non-Conformances Found During HR Audits

Non-Conformance	What Auditors Look For Instead
Generic HR templates not adapted to NDIS context	Explicit references to NDIS rules, reportable incident categories, and the Code of Conduct
No evidence workers have read or understood policies	Signed induction acknowledgements and training completion records
Incident reporting timeframes missing or incorrect	Accurate timeframes matching the NDIS Incident Management Rules by incident category
Worker screening records not kept or checked	Documented screening register with clearance numbers and expiry dates
No process for notifying the Commission of dismissed workers	Written step in the termination procedure referencing Commission notification obligations

Providers preparing for initial registration or approaching their re-registration audit may find it useful to work from a comprehensive pre-built document set. The ndiscompliant.com.au 74-document audit-ready SIL compliance kit includes all of the HR policies described in this checklist, pre-mapped to the NDIS Practice Standards, and ready for your organisation's details to be added.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.