Do all NDIS providers need a quality management system?

Yes. Every registered NDIS provider must have a QMS that aligns with the NDIS Practice Standards. The scope and complexity of your QMS will depend on the registration groups you hold and the risk level of the supports you deliver.

What is the difference between a verification audit and a certification audit?

A verification audit is a desktop review of your documentation and policies, used for lower-risk registration groups. A certification audit includes on-site assessment, staff interviews, and observation of practice, and is required for higher-risk supports including SIL and complex daily activities.

How long does NDIS registration take for a new provider?

Timelines vary, but the process — including completing your application, undergoing an approved quality audit, and receiving a registration decision from the NDIS Commission — commonly takes several months. Building your QMS before you submit your application is the most effective way to avoid delays.

Can I use template policies for my NDIS QMS?

Templates can provide a sound starting structure, but auditors expect policies that reflect your organisation's actual practices, staff roles, and operating context. Generic templates submitted unchanged often result in non-conformance findings. Always adapt templates to your specific services.

What happens if the NDIS Commission finds non-conformances during my audit?

Minor non-conformances typically require a corrective action plan within a specified timeframe before registration is granted. Major non-conformances may result in registration being refused or conditions being placed on your approval. Addressing gaps before submitting your application is strongly recommended.

Are restrictive practices policies required even if I do not plan to use restrictive practices?

Yes. Auditors expect every provider to have a policy that makes their position clear and documents the steps the organisation would take if the need ever arose. A missing policy is frequently cited as a non-conformance even for providers who have no current intention to use regulated restrictive practices.

NDIS Quality Management System Checklist for New Providers (2026)

What Is an NDIS Quality Management System?

A quality management system (QMS) is the documented framework that proves your organisation can deliver safe, consistent, and rights-respecting supports to NDIS participants. The NDIS Commission requires every registered provider to maintain a QMS that aligns with the NDIS Practice Standards and can withstand scrutiny from an approved quality auditor.

For new providers, building a QMS from scratch is one of the most common stumbling blocks before registration. The checklist below maps directly to the Practice Standards modules that auditors assess, so you can move through each element methodically rather than guessing what is required.

Core QMS Checklist for New NDIS Providers

Work through each section and mark items complete only when a policy, procedure, or documented process is in place — not merely planned.

1. Governance and Operational Management

Written organisational structure showing clear lines of accountability
Board or governing body terms of reference (or equivalent governance document)
Documented roles and responsibilities for all positions that interact with participants
Conflict of interest policy with declaration register
Financial management policy (delegations, procurement, fraud prevention)
Business continuity and emergency management plan
Annual review schedule for all governance documents

2. Risk Management

Risk management policy and procedure
Active risk register reviewed at least annually (or after any significant incident)
Risk appetite statement approved by governing body
Documented process for identifying, assessing, treating, and monitoring risks
Specific risk assessment process for individual participant plans

3. Human Resources and Worker Screening

Worker screening policy referencing NDIS Worker Screening Check requirements for each state and territory
Recruitment and selection procedure (including reference checks)
Induction program covering the NDIS Code of Conduct
Training register tracking mandatory and role-specific training
Performance review procedure (minimum annual cycle)
Supervision and support policy for direct support workers
Procedure for managing unsatisfactory performance or conduct
Register of all workers subject to NDIS Worker Screening obligations

4. Participant Rights and Person-Centred Practice

Participant rights and responsibilities statement (provided to participants in accessible formats)
Informed consent policy and procedure
Service agreement template compliant with NDIS rules
Individual support plan template capturing goals, preferences, and communication needs
Process for reviewing and updating support plans in partnership with participants
Documented approach to culturally safe and inclusive practice
Advocacy access information provided to every participant

5. Incident Management

Incident management policy and procedure
Incident report form and register
Documented classification of incident types, including reportable incidents that must be notified to the NDIS Commission within prescribed timeframes
Process for immediate response, investigation, and root-cause analysis
Corrective action tracking process with sign-off from leadership
Annual review of incident data to identify systemic trends
Process for notifying participants and, where relevant, their nominees or guardians

The NDIS Commission defines reportable incidents in detail in the NDIS (Incident Management and Reportable Incidents) Rules. Familiarise yourself with these before your first participant intake.

6. Complaints Management

Complaints management policy and procedure
Participant-facing complaints information in plain English (and Easy Read where appropriate)
Complaints register capturing date received, nature, outcome, and timeframe
Escalation pathway to the NDIS Commission for unresolved complaints
Documented process for notifying the complainant of the outcome
Annual review of complaints data to inform continuous improvement

7. Restrictive Practices (if applicable)

Restrictive practices policy stating your organisation's position and obligations
Procedure for seeking authorisation under the relevant state or territory legislation before implementing any regulated restrictive practice
NDIS Commission reporting procedure for the use of regulated restrictive practices
Behaviour support plan review schedule
Register of participants subject to regulated restrictive practices
Training records showing all staff have completed behaviour support training before implementing any restrictive practice

Note: Even if you do not intend to use restrictive practices, auditors expect a policy that makes your position clear and sets out the steps you would take if the need ever arose.

8. Continuous Improvement

Continuous improvement policy and log
Process for capturing improvement actions arising from incidents, complaints, audits, and participant feedback
Scheduled internal audits against the Practice Standards (at least annually)
Documented management review meeting (at least annually) with recorded minutes
Process for communicating improvements to staff and, where relevant, participants

9. Information Management and Privacy

Privacy policy aligned with the Australian Privacy Act 1988 and NDIS-specific confidentiality requirements
Consent form for collecting, using, and disclosing personal information
Secure storage and retention schedule for participant records
Data breach response procedure
Participant access to their own records process

Preparing for Your Quality Audit

All new providers seeking registration with the NDIS Commission must undergo a verification or certification audit conducted by an approved quality auditor. The audit type depends on the registration groups you are applying for and the risk level of those supports.

Confirm your registration groups — identify which NDIS Practice Standards modules apply to your chosen supports.
Conduct a gap analysis — compare your existing documents against this checklist and the relevant Practice Standards indicators.
Draft or procure missing policies — each policy must be specific to your organisation, not a generic template submitted unchanged.
Test your procedures — walk through scenarios (a participant complaint, a near-miss incident) to confirm procedures work in practice.
Brief your team — auditors may interview workers. Staff must be able to describe your processes without reading from a policy document.
Compile an evidence folder — gather completed registers, training records, signed policies, and sample forms.
Submit your registration application — upload your QMS documents as part of the NDIS Commission application portal process.

Common Non-Conformances Auditors Find

Area	Typical finding	Fix
Incident management	Policy does not distinguish between internal incidents and NDIS reportable incidents	Add a clear classification table referencing the Incident Management Rules
Worker screening	Register is missing or workers in risk-assessed roles are not screened	Audit every worker role against NDIS eligibility criteria before the audit date
Continuous improvement	Log exists but has no entries despite known incidents and complaints	Backfill and set a calendar reminder after every incident closure
Restrictive practices	No policy because provider "doesn't use them"	Write a brief policy stating this position and the escalation path if practice changes
Participant rights	Service agreement does not reference the NDIS Code of Conduct or complaints pathway	Update the template and re-issue to existing participants

A Practical Note on Document Volume

New providers often underestimate how many individual documents a compliant QMS requires — it is common to need upwards of 60 to 80 separate policies, procedures, registers, and forms before an auditor will be satisfied. Providers preparing for SIL registration or high-intensity daily activities face the highest documentation load because they must address additional Practice Standards modules covering complex bowel care, ventilator management, tracheostomy management, and similar high-risk supports.

If building every document from scratch is not feasible within your registration timeline, ndiscompliant.com.au offers a 74-document audit-ready SIL compliance kit drafted specifically for Australian disability-support providers, covering all the areas in this checklist and the strengthened 2026 Practice Standards framework.

Strengthened Practice Standards — What Is Changing in 2026

The NDIS Commission has been progressively strengthening the Practice Standards framework. Key themes in the updated standards include a sharper focus on participant outcomes rather than process compliance alone, stronger expectations around the screening and supervision of workers in high-risk roles, and more explicit requirements for providers to demonstrate how participant feedback shapes service delivery. New providers registering from 2026 onward will be assessed against the updated indicators from the outset, so it is worth confirming which version of the standards applies to your registration module when you begin your audit preparation.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.