Is the Governance and Operational Management standard mandatory for all NDIS providers?

Yes. It is a core module that every registered NDIS provider must meet, regardless of the registration groups they hold or the size of their organisation. It is assessed during both certification and verification audits.

How often must policies be reviewed to meet this standard?

The standard requires policies to be current and accurate. While the rules do not prescribe a single fixed review cycle for all policies, most providers adopt an annual review as a minimum, with additional reviews triggered by legislative changes, incidents, or audit findings.

What happens if an auditor finds non-conformance against the Governance standard?

The NDIS Commission can impose conditions on your registration, suspend or cancel your registration, or issue compliance notices and enforceable undertakings. The outcome depends on the severity of the non-conformance and its impact on participant safety.

Does this standard apply to sole trader NDIS providers?

Yes, sole traders must meet the standard, but the Commission applies proportionality. A sole trader's governance arrangements will look different from a large SIL provider's, but the core requirements — accountability, documented practices, risk management, and continuous improvement — still apply.

What is the difference between this standard and the NDIS Code of Conduct?

The Code of Conduct sets behavioural obligations for individual workers and providers. The Governance and Operational Management Practice Standard addresses the organisational systems and structures that enable compliant behaviour — governance, policies, risk management, HR, and financial management at an organisational level.

How does the 2026 strengthened framework change governance expectations?

The strengthened framework increases scrutiny of provider culture and leadership accountability, not just documentation. Auditors now assess whether governance arrangements actively promote participant rights and safety in practice, not merely whether policies are on file.

NDIS Practice Standard: Governance and Operational Management explained (2026)

What is the Governance and Operational Management Practice Standard?

The NDIS Practice Standard on Governance and Operational Management sits within the core module that every registered NDIS provider must meet, regardless of the supports or services they deliver. For SIL and disability-support providers, it is not a bureaucratic box-tick — it is the structural spine that holds every other compliance obligation together.

Under the National Disability Insurance Scheme (Provider Registration and Practice Standards) Rules 2018 and the strengthened framework taking effect in 2026, the NDIS Quality and Safeguards Commission assesses whether your organisation can actually govern itself well enough to deliver safe, rights-respecting support. Good governance is the pre-condition for everything else: incident management, restrictive practices, complaint handling, and worker screening all depend on leadership systems that actually work.

Who must comply?

Every organisation registered with the NDIS Commission to deliver supports and services must meet this standard. The obligation applies across all registration groups, including:

SIL providers operating residential homes
Support coordination and specialist support coordination providers
Allied health and behaviour support practitioners
Community access and day program operators
Any provider transitioning from the previous registration framework to the strengthened 2026 requirements

Sole traders and small providers are not exempt, though the Commission acknowledges proportionality — what a sole trader needs to document differs from what a mid-sized SIL operator with multiple sites must have in place. The standard describes what must be achieved, not a one-size-fits-all procedure.

The core quality indicators explained

The NDIS Commission's Practice Standards set out quality indicators under Governance and Operational Management. Approved quality auditors assess provider performance against these indicators during certification and verification audits. The key areas are:

1. Organisational governance

Your organisation must demonstrate that leaders — whether a board, executive team, or individual operator — are actively accountable for the quality and safety of supports. This means having clearly documented governance arrangements: who holds authority, how decisions are made, how conflicts of interest are identified and managed, and how the governing body receives and acts on information about performance and risk.

For SIL providers, this includes ensuring that house managers and frontline supervisors are not operating in isolation — there must be a clear line of accountability from the support floor to the leadership making strategic decisions.

2. Policies and procedures

Providers must maintain written policies and procedures that are current, accessible to workers, and reflect the actual way supports are delivered. Policies must be reviewed regularly — not simply filed and forgotten. Under the strengthened 2026 framework, the Commission places greater scrutiny on whether policies are operationalised: workers must know they exist, be trained on them, and follow them in practice.

Critical policies include, but are not limited to:

Incident management and reporting
Complaints handling
Restrictive practices (if applicable)
Worker screening and recruitment
Privacy and information management
Financial management and fraud prevention
Business continuity and emergency planning

3. Risk management

A documented, active risk management system is mandatory. This is not a static risk register you update once a year — auditors look for evidence that risks are being identified, assessed, escalated, and mitigated on an ongoing basis. For SIL providers, environmental hazards, behavioural risks, staffing gaps, and medication management must feature in your risk framework.

4. Financial management

Providers must demonstrate financial viability and sound financial management practices. The Commission's concern is that financial instability directly threatens continuity of support for NDIS participants. Providers should be able to demonstrate they hold adequate insurance, manage participant funds in accordance with NDIS rules, and have processes to detect and respond to financial irregularities.

5. Human resources

HR governance encompasses recruitment practices, worker screening compliance (NDIS Worker Screening Check), induction, supervision, performance management, and training. Under the 2026 framework, providers face heightened expectations around worker capability — particularly in areas such as trauma-informed practice, behaviour support, and rights-based approaches.

6. Continuous improvement

Governance is not a set-and-forget exercise. Providers must have a documented quality improvement system — a mechanism for gathering feedback from participants and workers, identifying gaps, implementing improvements, and tracking outcomes. Auditors will ask: what has changed in your organisation as a result of a complaint, an incident, or an audit finding?

What auditors actually look for

When an approved quality auditor assesses your organisation against this standard, they are looking for evidence that governance arrangements are real and operational, not just on paper. Common evidence types include:

Board or management meeting minutes showing active oversight of quality and safety matters
Signed and dated policy documents with version control and review dates
Risk registers with recorded actions and owners
Training records demonstrating workers have been inducted into relevant policies
Financial statements and insurance certificates
Incident logs cross-referenced with follow-up actions and NDIS Commission notifications
Participant and worker feedback records and evidence of resulting improvements

Consequences of non-conformance

The NDIS Commission takes governance failures seriously because they are often the root cause of participant harm. A finding of non-conformance against the Governance and Operational Management standard can result in:

Conditions on registration — limiting the types of supports you can deliver or requiring external monitoring
Suspension of registration — preventing you from delivering NDIS-funded supports
Cancellation of registration — the most serious outcome, ending your ability to operate as a registered NDIS provider
Compliance notices and enforceable undertakings — requiring you to remediate specific failures within set timeframes

Beyond regulatory consequences, poor governance exposes providers to reputational damage, participant complaints, and potential civil or criminal liability if governance failures contribute to participant harm.

Practical steps to strengthen your governance position in 2026

Given the strengthened framework, SIL and disability-support providers should take the following practical steps now:

Map your governance structure — document who is responsible for what, including decision-making authority, and ensure it is current and understood by all leaders.
Audit your policy suite — list every policy, check its last review date, and schedule updates for anything more than 12–24 months old.
Activate your risk register — if it is not being reviewed in leadership meetings, it is not working. Set a standing agenda item.
Verify worker screening compliance — confirm every worker and volunteer holds a current, valid NDIS Worker Screening Check before they commence supports.
Test your incident reporting chain — run a tabletop exercise to check that workers know how to escalate incidents and that reportable incidents reach the NDIS Commission within required timeframes.
Document your continuous improvement loop — capture how feedback, complaints, and incident learnings have changed your practice in the last 12 months.
Prepare your audit evidence folder — collect the evidence types listed above so you can respond efficiently during an audit.

A practical policy excerpt template

Governance and Accountability Policy — Sample Excerpt

Purpose: To ensure [Organisation Name] maintains clear governance structures that promote the safety, wellbeing, and rights of NDIS participants.

Scope: This policy applies to all board members, executive leaders, managers, and staff.

Governance commitments:
- The Board/Management Committee meets at least [frequency] and reviews quality and safety reports at each meeting.
- Conflicts of interest are declared, recorded, and managed in accordance with our Conflicts of Interest Register.
- The CEO/Director is responsible for operational governance and reports to the Board on incidents, complaints, and regulatory matters.
- This policy is reviewed annually or following any significant governance incident, whichever occurs first.

Review date: [Date] | Version: [X] | Policy owner: [Role]

For SIL providers who need a complete, audit-ready documentation suite, the ndiscompliant.com.au 74-document SIL compliance kit covers this standard and all related core and supplementary modules — saving significant preparation time ahead of your next certification audit.

The 2026 strengthened framework: what has changed?

The NDIS Commission's strengthened Practice Standards, introduced progressively from 2024 and embedded in the 2026 registration framework, place greater emphasis on provider culture, leadership accountability, and participant rights at the governance level. Providers are now expected to demonstrate that governance arrangements actively promote a rights-based culture — not merely that policies exist. Auditors are trained to look beyond documentation to observable practice and participant experience. This shift means that governance is no longer purely a back-office compliance function; it must be visible in how your organisation treats participants every day.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.