How quickly must a SIL provider notify the NDIS Commission of a reportable incident?

The initial notification to the NDIS Commission must be made within 24 hours of the provider becoming aware that a reportable incident has occurred. A more detailed written report must then follow within the timeframe specified by the Commission, which varies depending on the incident type.

Does my incident management policy need to be a separate document?

Yes. The NDIS Practice Standards require providers to have a documented incident management system. A brief paragraph in a general operations manual is unlikely to satisfy an approved quality auditor. The policy should stand alone and clearly describe definitions, roles, timeframes, reporting steps, investigation requirements, and quality improvement processes.

Do near-misses need to be reported internally under the NDIS?

Yes. While near-misses do not typically trigger mandatory notification to the NDIS Commission, the NDIS Practice Standards expect providers to have a system for capturing near-misses internally. Recording and reviewing near-misses is considered evidence of a proactive safety culture and supports continuous improvement.

What happens if a SIL provider fails to notify the NDIS Commission of a reportable incident?

Failure to report a reportable incident is a breach of a provider's obligations under the NDIS (Incident Management and Reportable Incidents) Rules 2018. The NDIS Commission can take compliance action including issuing a compliance notice, banning order, or suspension or revocation of registration. Civil penalties may also apply in serious cases.

How often should an NDIS incident management policy be reviewed?

Best practice — and what auditors expect to see — is an annual policy review at minimum. The policy should also be reviewed after any serious incident, significant change to NDIS Commission guidance or Practice Standards, or when a quality audit identifies a gap. The review date and version history should be documented on the policy itself.

NDIS incident management policy: example filled-in sample

Q: What is a reportable incident under the NDIS?

A reportable incident is a defined serious event that a registered NDIS provider must notify to the NDIS Commission. Categories include the death of a participant, serious injury, abuse or neglect, unlawful sexual or physical contact, and use of an unauthorised restrictive practice. Initial notification is required within 24 hours of the provider becoming aware.

Why SIL providers need a documented incident management policy

Every registered NDIS provider — including Supported Independent Living (SIL) providers — must operate an incident management system as a condition of registration under the NDIS (Restrictive Practices and Behaviour Support) Rules 2018 and the NDIS Practice Standards. The strengthened Practice Standards framework, progressively implemented from 2024 and fully in force for the 2026 registration cycle, places heavier accountability on providers to demonstrate that their policies are not just documented but actively used, reviewed, and understood by all staff.

An incident management policy is one of the documents an approved quality auditor will request at initial registration or re-registration. A weak or generic policy — one that does not reflect your actual practice or fails to name reportable incident categories — is a common source of non-conformances.

What the NDIS Commission requires

Under the NDIS Practice Standards (Core Module, Support Provision Environment), providers must have a documented system that:

Identifies incidents and near-misses as they occur
Ensures incidents are reported internally and, where required, to the NDIS Commission
Supports affected participants and workers immediately after an incident
Investigates incidents proportionately to their severity
Implements corrective and preventive actions
Closes the loop with a formal review and improvement step

Reportable incidents — those that must be notified to the NDIS Commission — include the death of a participant, serious injury, abuse or neglect, unlawful sexual or physical contact, use of a restrictive practice not in an approved behaviour support plan, and certain other defined events. Initial notification for most reportable incidents is required within 24 hours of the provider becoming aware, with a detailed written report to follow within a prescribed period.

Filled-in sample policy: NDIS incident management

The excerpt below is a realistic filled-in example you can adapt for your own organisation. Replace placeholder text in brackets with your organisation's actual details.

Field	Content
Policy title	Incident Management Policy
Document number	POL-INC-001
Version	3.0
Effective date	[Insert date]
Review date	[12 months from effective date]
Policy owner	Quality and Compliance Manager
Applies to	All staff, volunteers, and contractors delivering supports under NDIS registration

1. Purpose

[Organisation name] is committed to the safety, health, and wellbeing of all participants. This policy establishes a clear, consistent process for identifying, reporting, managing, investigating, and reviewing incidents — including reportable incidents — in accordance with the NDIS Practice Standards, the National Disability Insurance Scheme Act 2013, and NDIS Commission requirements.

2. Scope

This policy applies to all supports delivered by [Organisation name] under its NDIS registration, across all service types including Supported Independent Living (SIL). It covers incidents involving participants, workers, visitors, and third parties on our premises or in the community.

3. Definitions

Incident: Any event or circumstance that caused, or had the potential to cause, harm to a participant, worker, or other person — including near-misses.
Reportable incident: A defined category of serious incident that must be notified to the NDIS Commission under the NDIS (Incident Management and Reportable Incidents) Rules 2018.
Near-miss: An unplanned event that did not result in injury, illness, or damage but had the potential to do so.
Serious injury: Injury requiring admission to hospital or resulting in permanent or long-term impairment.

4. Reportable incident categories

The following are reportable incidents that must be notified to the NDIS Commission:

Death of a participant
Serious injury of a participant
Abuse or neglect of a participant
Unlawful sexual or physical contact with, or assault of, a participant
Sexual misconduct committed against, or in the presence of, a participant
Use of a restrictive practice not authorised under an approved behaviour support plan or state/territory authorisation

5. Incident response steps

Immediate response: Ensure the safety of the participant and any others involved. Provide first aid or call emergency services (000) as required. Do not move an injured person unless in immediate danger.
Notify a supervisor or on-call manager: All incidents must be verbally reported to a supervisor as soon as it is safe to do so — at minimum by the end of the shift in which the incident occurred.
Complete an incident report form: The staff member most directly involved completes [Organisation name]'s Incident Report Form (FORM-INC-001) within 24 hours. The form captures: date, time, location, people involved, description of events, immediate actions taken, and injuries or property damage.
Determine if the incident is reportable: The Quality and Compliance Manager assesses whether the incident meets a reportable incident category. If yes, initial notification to the NDIS Commission is made via the NDIS Commission Portal within 24 hours of the provider becoming aware.
Support participants and workers: Affected participants are informed of what happened in a manner that is accessible and appropriate to their communication needs. Workers are offered debriefing and, where warranted, Employee Assistance Program (EAP) support.
Investigation: The Quality and Compliance Manager or a nominated delegate conducts a proportionate investigation. For serious incidents, a formal root-cause analysis is completed. Investigation findings are documented in the Incident Investigation Record (FORM-INC-002).
Submit written report to NDIS Commission: A completed written report is submitted to the NDIS Commission within the required timeframe following initial notification.
Corrective and preventive action: A Corrective Action Plan is developed and assigned to a responsible person with a due date. Actions are tracked to completion in [Organisation name]'s quality register.
Close-out and review: Once corrective actions are verified as complete, the incident is closed. Trends across incidents are reviewed at least quarterly by the leadership team and reported to the governing body.

6. Timeframes summary

Action	Timeframe
Verbal notification to supervisor	Before end of shift / as soon as safe
Incident report form completed	Within 24 hours
Initial notification to NDIS Commission (reportable incidents)	Within 24 hours of provider becoming aware
Written report to NDIS Commission	As required by the Commission (varies by incident type)
Investigation complete	As soon as reasonably practicable; serious incidents within [insert your timeframe, e.g. 14 days]
Quarterly trend review	Every three months

7. Roles and responsibilities

All staff: Identify, respond to, and report all incidents and near-misses immediately.
Supervisors / team leaders: Receive verbal notifications, ensure participant safety, and confirm incident reports are completed.
Quality and Compliance Manager: Determine reportability, lodge NDIS Commission notifications, oversee investigations, and track corrective actions.
Chief Executive / governing body: Receive quarterly incident trend reports; provide oversight and resource allocation for systemic improvements.

8. Continuous improvement

Incident data is analysed for patterns and trends at least quarterly. Findings inform updates to procedures, training needs, environmental risk assessments, and participant support plans. This policy is reviewed annually or following a serious incident, significant regulatory change, or audit finding.

Common gaps auditors find in incident management policies

No definition of what constitutes a "reportable incident" — staff cannot distinguish which events trigger Commission notification
Missing timeframes for each step of the process
No reference to participant notification and support after an incident
Investigation section is absent or vague — "an investigation will occur" without describing how
No link between incident data and quality improvement or governance reporting

Adapting this sample for your organisation

This sample is a starting point. You will need to cross-reference it against your registration groups, the specific Practice Standards modules that apply to your services, and any state or territory requirements for behaviour support authorisation if you are delivering SIL to participants with complex needs.

If you are preparing your full compliance document suite, ndiscompliant.com.au offers a 74-document audit-ready SIL compliance kit that includes this incident management policy in complete, editable form alongside all other required policies, procedures, and forms.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.