"Policy manual" is one of those NDIS terms that gets used loosely. Some providers mean a single 300-page Word document. Others mean a shared folder of 25 separate PDFs. Auditors mean something specific: a controlled set of policy documents, indexed and version-managed, that maps to the NDIS Practice Standards Outcomes and demonstrates that the operation is run on a documented system, not on improvisation.
The structure of the manual matters because auditors spend the desktop-review phase navigating it. A manual that's clearly indexed, version-controlled, and Practice-Standard-cited gets a quick clean review. A manual that's a single 300-page Word doc gets a long RFI cycle and usually a non-conformance.
What an NDIS SIL policy manual actually is
An NDIS SIL policy manual is a structured collection of documents that together cover every NDIS Practice Standard Outcome relevant to your service. For SIL providers that means the Core Module (Outcomes 1.1 through 4.5) plus any applicable supplementary modules. It includes:
- Policies — the "what we do" documents. Typically 20-30 distinct policies for a small SIL provider. See our 25-policy checklist for SIL for the baseline list.
- Procedures — the "how we do it" documents. Often embedded inside policies, sometimes separate. Step-by-step instructions for incident reporting, medication administration, handover, etc.
- Forms and templates — service agreement, incident report, support plan, MAR, induction checklist, supervision record.
- Registers — incident, complaint, risk, training, worker screening, continuous improvement, document control.
- Guides and reference material — audit evidence checklist, registration walkthrough, implementation README.
The manual is the policy + procedure + form + register set together with the document-control architecture that holds them. It's not just the policies.
The 5-section structure auditors expect
The auditor-friendly structure we recommend organises the manual into 5 sections matching the NDIS Practice Standards Core Module:
| Section | What it contains |
|---|---|
| Section 0 — Front matter | Document control register, version history, organisational chart, ABN, key personnel list, contents index |
| Section 1 — Rights & Responsibilities | Person-centred supports, cultural safety, privacy, independence, safeguarding (Outcomes 1.1-1.5) |
| Section 2 — Governance & Operations | Governance, risk, quality, incidents, financial, HR (Outcomes 2.1-2.6) |
| Section 3 — Provision of Supports | Access, support delivery, planning, transitions (Outcomes 3.1-3.4) |
| Section 4 — Supports Environment | Safe environment, money/property, medication, mealtime, infection control (Outcomes 4.1-4.5) |
| Section 5 — Forms, Registers, Appendices | All forms and templates, all operational registers, supplementary module documents |
Section 0 is the section auditors open first. Sections 1-4 align one-to-one with the Practice Standards Core Module structure so auditors can navigate by Outcome. Section 5 is the operational evidence layer.
Document control: the unglamorous part auditors check first
Before an auditor reads a single policy, they look at how you control your documents. Document control is the most-overlooked area among small providers and one of the easier wins. The discipline is:
- Document-control header on every policy. Title, document number, version, issue date, next review date, approver name, NDIS Practice Standard reference. Standard practice across regulated sectors.
- Document control register. A single register listing every document in the manual, with current version number, last review date, next review date, and document owner. Auditors compare this register to the documents themselves.
- Version history table. Inside each policy, a short table showing version 1.0 / 1.1 / 2.0 with date and change summary. Lets the auditor see the document is alive.
- Change-approval pathway. Who authorises a policy update? For sole traders it's you; for companies it's typically the board or a delegated quality committee. Documented in the document control policy.
Our NDIS document control guide walks through the register and approval pathway in detail. The most common audit finding here is "no version control evidence" — solved with a 1-page document-control register kept current.
Anatomy of a single policy: 9 sections every policy needs
Every policy in the manual should follow the same internal structure. Consistency makes the manual navigable; auditors looking for a specific clause know where to find it without re-reading every policy.
- Document control box — title, version, dates, NDIS Practice Standard reference. Top of page 1.
- Purpose — what this policy exists to achieve, in 1-3 sentences.
- Scope — who and what the policy covers (which staff, which participants, which sites).
- Definitions — key terms used in the policy. NDIS-specific terms get plain-language explanations.
- Policy statement — the organisation's position on the matter. What we do and why.
- Procedure — step-by-step how. This is the operational core. Numbered steps, named responsibilities.
- Roles and responsibilities — who does what. Manager, supervisor, support worker, participant.
- Related documents — cross-references to other policies, forms, and registers in the manual.
- Version history — short table at end. Version, date, change summary, approver.
6-10 pages per policy is the sweet spot. Anything shorter and the auditor flags it as inadequate; anything longer and staff don't read it. Most failed audits with "policy exists but is inadequate" findings are policies that skip sections 6 (procedure) or 8 (related documents). The procedure section is where staff find out what to actually do; the related documents section is where the auditor verifies the policy is connected to the rest of the manual.
Policy review cycle: keeping the manual alive
Auditors check whether your policies are alive. A policy last reviewed in 2022 sitting in a 2026 audit is a clear non-conformance signal. The discipline is:
- Annual review per policy. 25 policies = roughly one review per fortnight if spaced evenly. Document each review in the version history even if no changes are needed (version bump to e.g. 2.0 → 2.1, change summary "annual review, no change").
- Triggered reviews. NDIS Commission guidance update, legislation change, internal incident that exposes a policy gap, complaint that triggers a procedure change — all trigger an out-of-cycle review of the relevant policy.
- Review approval. Each reviewed policy gets the approval signature documented before it goes back into the manual.
- Old versions archived. Don't overwrite — archive the previous version so the audit trail is intact.
Our NDIS quality improvement system guide covers how policy reviews tie into the broader continuous improvement register that auditors check during the on-site visit.
Don't build the policy manual from scratch
The Complete SIL Kit ships 74 audit-mapped documents — 25 policies, 25 forms, 10 registers, worked examples and an audit evidence checklist — all pre-structured with document-control headers, Practice Standard citations, and version history tables. $297. 30-day guarantee.
See what's in the kit →Physical binder vs cloud manual
Most providers we work with maintain both — a master cloud version (Google Drive, SharePoint, or similar) where edits happen, and a printed binder at the SIL house for audit day. The reasons:
- Auditors still expect paper. The on-site audit-day binder is the artefact the auditor physically opens. A tablet or laptop is not a substitute — too easy to lose page context, too easy to look like you can't find documents.
- Staff need 24/7 access. Cloud access for support workers on shift means the policy is available in the actual moment they need it. Binders sit in a locked office; cloud copies sit in everyone's pocket.
- Version control is easier in cloud. Single source of truth. Print the binder once a quarter; the cloud version stays current daily.
Whichever you choose, the indexing has to match. If the binder is organised by Practice Standard section and the cloud version is organised alphabetically, staff and auditors will both get lost. Use the same structure in both places.
What not to put in your policy manual
Two common mistakes we see:
- Don't include staff personnel files. Worker screening, supervision records, performance reviews — these are HR records, kept separately under your HR policy and the Worker Screening Register. The policy manual is the "how we do things" document; personnel files are the "evidence we did it" document. Auditors check both but in separate phases.
- Don't include participant files. Service agreements, support plans, incident records — participant-specific files are kept under the participant's name, not in the policy manual. Auditors sample participant files during the on-site visit; if those records are buried in the policy binder they look like governance artefacts, which they aren't.
Keep the policy manual at the "system" level. Forms and registers are kept in the manual as blank templates; completed forms and live registers belong in the operational records, in the location where staff actually use them. Our NDIS audit evidence guide walks through what evidence sits where in the audit.
For the day-to-day operational side that proves the manual is alive — shift notes, progress notes, incident records — the free Notes Rewriter is the staff-training tool we recommend. Support workers learn to write Practice-Standards-aligned notes by watching their own notes get rewritten. And for the cornerstone audit reference, our SIL audit survival guide maps every kit document to every Practice Standard Outcome — print it and tick documents off as you customise them.
Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.