What is a regulated restrictive practice under the NDIS?

Under the NDIS (Restrictive Practices and Behaviour Support) Rules 2018, regulated restrictive practices include chemical restraint, mechanical restraint, physical restraint, environmental restraint, and seclusion. Any use of these practices by a registered NDIS provider must be authorised, reported to the NDIS Commission, and supported by a behaviour support plan.

Do we need a behaviour support plan before using a restrictive practice?

Yes. A behaviour support plan developed by a suitably qualified behaviour support practitioner — one verified by the NDIS Commission — must be in place for every participant for whom a regulated restrictive practice is used. An interim plan may apply initially, but it is time-limited and must be replaced by a comprehensive plan.

How often must restrictive practice use be reported to the NDIS Commission?

Providers must report all uses of regulated restrictive practices to the NDIS Commission through the myplace provider portal. The reporting schedule depends on the type of practice and the participant's plan; the NDIS Rules specify timeframes for each reporting category. Providers should check the Commission's guidance for the current applicable periods.

What happens if an auditor finds a non-conformance in our restrictive practices policy?

Non-conformances are graded by severity. Minor gaps may result in a corrective action plan with a timeframe to rectify. Serious non-conformances — such as unauthorised use of a restrictive practice or repeated late reporting — can result in conditions on registration, suspension, or referral for investigation by the NDIS Commission.

Can we use a generic template for our restrictive practices policy?

A template is a starting point, not a finished document. Auditors expect your policy to reflect your specific service types, participant cohort, the state or territory laws that govern authorisation in your jurisdiction, and your internal processes. A clearly unmodified generic template is likely to attract scrutiny and potentially a non-conformance.

What is the 2026 strengthened NDIS Practice Standards change for restrictive practices?

The strengthened NDIS Practice Standards embed restrictive practice obligations more explicitly into the standards assessed during audits, reducing the gap between legal obligations in the Rules and what auditors formally measure. Providers should review their policies against the updated standards and ensure their systems, training, and documentation align with the revised requirements.

NDIS Restrictive Practices Policy: What Auditors Look For

Why Restrictive Practices Are a High-Priority Audit Focus

For Supported Independent Living and other disability support providers, restrictive practices sit at the intersection of human rights, safeguarding, and legal compliance. The NDIS Commission treats any use of regulated restrictive practices as a serious matter — one that carries mandatory reporting obligations, ongoing monitoring duties, and significant penalties for non-compliance. As the strengthened NDIS Practice Standards take effect in 2026, auditors are applying greater scrutiny to the documents, systems, and culture that providers have built around this area.

This article explains exactly what an approved quality auditor looks for when they assess your restrictive practices policy and related records — and what the most common gaps are that cause providers to receive non-conformances.

What the NDIS Commission Requires: The Core Framework

The legal basis for restricting restrictive practices sits in the National Disability Insurance Scheme Act 2013 and the NDIS (Restrictive Practices and Behaviour Support) Rules 2018. These establish the framework that auditors apply. Key obligations for registered providers include:

Ensuring that any regulated restrictive practice is only used where it is authorised under the relevant state or territory law (or, in states without their own scheme, consistent with the NDIS Rules).
Engaging a behaviour support practitioner who meets the NDIS Commission's capability requirements to develop or review any behaviour support plan that includes a regulated restrictive practice.
Reporting all uses of regulated restrictive practices to the NDIS Commission through the myplace provider portal on the required reporting schedule.
Working toward the reduction and elimination of restrictive practices over time — the rules explicitly frame restrictive practices as transitional measures, not permanent solutions.
Obtaining and documenting informed consent from the participant or their authorised representative wherever possible.

The strengthened Practice Standards, which apply to registered providers from 2026, embed these obligations directly into the standards that auditors assess against, removing ambiguity about what "good" looks like.

What Auditors Actually Check: A Category-by-Category Breakdown

1. Your Written Restrictive Practices Policy

Auditors will ask for your current policy document and check that it:

Defines each type of regulated restrictive practice (chemical, mechanical, physical, environmental, and seclusion) in terms consistent with the NDIS Rules.
Describes the authorisation process your organisation follows before any practice is used, including which staff roles hold authority at each step.
States your organisation's commitment to reduction and elimination, with reference to behaviour support plans as the mechanism.
Sets out staff training requirements and how competency is verified.
Outlines reporting timelines — both internal escalation and reporting to the NDIS Commission.
Includes a review schedule and records when it was last reviewed and by whom.

A policy that is undated, unsigned, or has not been reviewed within the last 12 months is a red flag. Auditors treat a stale policy as evidence that the organisation is not actively managing this risk.

2. Behaviour Support Plans

For each participant in your care who has a regulated restrictive practice in place, auditors will look for a current behaviour support plan (BSP) developed by a suitably qualified and NDIS Commission-verified behaviour support practitioner. Auditors check that:

The BSP is participant-specific and identifies the behaviour of concern, its function, and proactive strategies to address underlying needs.
Every regulated restrictive practice listed in the BSP is clearly named, not buried in general language.
Interim BSPs (which are time-limited) have not been allowed to expire without a comprehensive plan in place.
The plan has been reviewed after any significant incident or change in the participant's circumstances.
The participant and their support network have been involved in the plan's development to the greatest extent possible.

Generic or template-style BSPs that are not tailored to the individual are a common source of non-conformances. Auditors are trained to recognise boilerplate language.

3. Authorisation Records

This is where many providers are caught off guard. Having a restrictive practice listed in a BSP is not the same as having lawful authorisation to use it. Auditors will look for documented evidence that each practice has been authorised through the applicable state or territory mechanism — for example, through a guardianship order, a state tribunal decision, or consent from an authorised decision-maker where permitted.

Common gaps include:

Authorisation documents that have expired without renewal.
Practices being used before authorisation was obtained.
Authorisation held in a format that does not specify the individual participant, the practice type, or the duration.

4. Incident Reporting and Records

Every use of a regulated restrictive practice must be reported to the NDIS Commission. Auditors cross-reference the organisation's incident register against its reporting records in the myplace portal. They are looking for:

Timely reporting — the NDIS Rules specify timeframes for different categories of reports, and late reports are treated as a non-conformance in their own right.
Completeness — each report should include the type of practice used, the duration, the participant, and the circumstances.
Evidence of internal review — a record that the incident was escalated within the organisation and that any required follow-up was completed.

A pattern of underreporting — even unintentional — is treated seriously, as it suggests the organisation does not have adequate oversight of its own practices.

5. Staff Training Records

Auditors will ask to see evidence that staff who implement or oversee restrictive practices have been trained. This includes:

Training on the organisation's policy and the types of regulated restrictive practices.
Any required Positive Behaviour Support training relevant to the participants they support.
Records showing when training was completed and when it is due for renewal.

An undated training record or a gap between a staff member commencing a role and completing required training is a finding that auditors note.

6. Reduction and Elimination Evidence

Auditors are not just checking whether practices are authorised — they are assessing whether your organisation is actively working to reduce their use. Evidence they look for includes:

Regular review meetings documented in participant files or in team records.
Decreasing frequency or duration of restrictive practice use over time, reflected in progress notes or data tracking.
Changes to the BSP that reflect learning from incidents and implementation of new proactive strategies.

The Most Common Non-Conformances

Non-Conformance	Typical Cause	What Auditors Want to See Instead
Expired or missing authorisation	No reminder system for renewal dates	A tracked register with renewal dates and responsible owner
Interim BSP used beyond its timeframe	Delays in engaging a behaviour support practitioner	Comprehensive BSP in place within the required period
Late or missing Commission reports	Staff unaware of reporting obligations	Staff training on reporting + portal access for designated staff
Generic policy not organisation-specific	Downloaded template, never customised	Policy referencing your specific services, participant cohort, and state/territory laws
No evidence of reduction efforts	Practice treated as permanent rather than transitional	Progress notes, data collection, and BSP amendments over time

Preparing Your Policy for Audit

Audit your current policy against the checklist above — if it does not address all six areas, update it before your audit window opens.
Build a centralised register of all participants with a restrictive practice in place, including the authorisation expiry date and the BSP review date.
Assign a named staff member as the restrictive practices lead responsible for monitoring reporting obligations and keeping records current.
Review your incident register against your myplace portal submissions for the past 12 months to identify any reporting gaps and address them proactively.
Check that every behaviour support practitioner engaged by your organisation is listed on the NDIS Commission's verified practitioner register.
Document your reduction and elimination activities — even brief notes in a team meeting register are evidence that you are actively working toward reduction.

If you are building or overhauling your documentation suite ahead of a 2026 audit, ndiscompliant.com.au offers a 74-document audit-ready SIL compliance kit that includes a restrictive practices policy template, a behaviour support register, and aligned incident-reporting tools — all pre-mapped to the Practice Standards.

Key Takeaway

Auditors approach restrictive practices with a human-rights lens. They are not simply ticking boxes — they are assessing whether your organisation genuinely understands why restrictions matter, has robust systems to keep them minimal and lawful, and can demonstrate that your participants' rights are protected. A strong, current, and actively-used policy is the foundation of that assurance.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.