What is the minimum number of policies a SIL provider needs to be registered?

The NDIS Commission does not publish a fixed count, but certification auditors assess providers against every applicable Practice Standards quality indicator. For most SIL services this means documented policies across at least ten core areas including incident management, complaints, restrictive practices, worker screening, and participant rights. Gaps in any area can result in a non-conformance finding that delays or prevents registration.

How often do SIL providers need to review their policies?

A minimum annual review cycle is standard practice and expected by auditors. Policies should also be reviewed immediately following a serious incident, a change in legislation or NDIS Commission guidance, a significant organisational change, or a finding from an audit. Review dates and version numbers must be documented on the face of each policy.

Can a SIL provider use a behaviour support plan prepared by an external practitioner?

Yes. Behaviour support plans must be prepared by a registered NDIS behaviour support practitioner, who may be employed by a separate organisation. However, the SIL provider remains responsible for ensuring workers are trained to implement the plan accurately, that regulated restrictive practices in the plan are properly authorised, and that the provider reports usage data to the NDIS Commission as required.

What happens if a SIL provider fails to notify the NDIS Commission of a reportable incident in time?

Failure to notify within the required timeframes under the NDIS Incident Management Rules is a breach of a provider's registration conditions. The Commission may issue a compliance notice, impose conditions on registration, suspend or revoke registration, or apply civil penalty provisions. Persistent or serious breaches can also trigger a Commission investigation and banning orders against individual workers.

Do all SIL workers need an NDIS Worker Screening Check, or only some?

Workers in risk-assessed roles — which includes anyone who delivers direct supports to NDIS participants — must hold a valid NDIS Worker Screening Check before commencing work. Volunteers who have more than incidental contact with participants are also captured. The provider must verify the check before the worker begins and must not permit a worker to deliver supports if their clearance is withdrawn or expires.

Are SIL providers required to have easy-read versions of their policies available to participants?

The NDIS Practice Standards require providers to communicate in a way that is accessible and appropriate to each participant's communication needs. While there is no blanket rule mandating easy-read versions of every internal policy, providers must ensure participants can access and understand information about their rights, how to make a complaint, and how to raise concerns. This typically means having accessible complaint and rights information in easy-read, translated, or other suitable formats.

NDIS SIL provider: policies and procedures you need (2026)

Why SIL providers face the highest policy burden in the NDIS

Supported Independent Living sits at the intersection of accommodation, personal care, and 24-hour risk management. Because participants in SIL arrangements are often highly vulnerable — relying on providers for daily living, health management, and safety — the NDIS Quality and Safeguards Commission applies its most rigorous scrutiny to this provider type.

Under the strengthened NDIS Practice Standards framework progressively taking effect in 2026, registered SIL providers must demonstrate not just that policies exist on paper, but that those policies are understood by workers, embedded in day-to-day practice, and regularly reviewed. Approved quality auditors now look for evidence of implementation, not merely documentation.

If you are building, refreshing, or stress-testing your policy suite ahead of registration or audit, this guide maps the essential documents and what each must cover.

The regulatory framework your policies must reflect

Every SIL policy must be traceable to at least one of the following instruments:

NDIS Practice Standards and Quality Indicators — the core benchmark for certification audits, covering Core Module requirements plus the High Intensity Daily Personal Activities and Implementing Behaviour Support Plans supplementary modules that apply to most SIL services.
NDIS Code of Conduct — binding on both the provider and every worker; your policies must operationalise each of the seven obligations, including acting with integrity and promptly raising and acting on concerns.
NDIS (Incident Management and Reportable Incidents) Rules 2018 — specifies what constitutes a reportable incident, notification timeframes, and internal review obligations.
NDIS (Restrictive Practices and Behaviour Support) Rules 2018 — governs the use, authorisation, reporting, and reduction of regulated restrictive practices.
National Disability Insurance Scheme Act 2013 (Cth) — the overarching legislation underpinning all Commission functions.

Core policies every SIL provider must have

1. Participant rights and dignity policy

This policy must articulate how your organisation upholds each participant's right to make decisions about their own life, including decisions the provider may consider unwise. It should address privacy and confidentiality, how participants access their personal information, and how the provider responds when a participant's expressed wishes appear to conflict with their safety. Auditors will ask participants and support workers whether they can describe these rights in practice.

2. Safe and high-quality supports policy

Covering the Core Module obligation to deliver supports in a safe and competent manner, this policy must specify minimum worker qualifications for each support type, how clinical or complex supports are supervised, and how the provider identifies and responds to changes in a participant's support needs. For SIL, this must extend to overnight and weekend staffing ratios and escalation pathways outside business hours.

3. Incident management policy and procedure

This is one of the documents auditors scrutinise most closely. Your policy must:

Define what constitutes an incident and, within that, a reportable incident under the Incident Management Rules.
Set out who is responsible for lodging internal incident reports and within what timeframe after the event.
Specify the process for notifying the NDIS Commission of reportable incidents, including the applicable notification windows (initial and follow-up).
Describe how incidents are reviewed, what root-cause analysis looks like for serious incidents, and how learnings are fed back into practice.
Include a procedure for supporting the affected participant and any witnesses in the aftermath of an incident.

A standalone incident register must accompany this policy, and auditors will cross-reference reported incidents against Commission records.

4. Complaints management policy and procedure

The NDIS Practice Standards require a complaints process that is accessible, responsive, and free from reprisal. Your policy must explain how participants (and their representatives) can raise a complaint, how the provider will acknowledge and investigate it, timeframes for resolution, and how outcomes are communicated. It must also specify when a complaint escalates externally to the NDIS Commission. Easy-read and translated versions should be referenced or attached where your participant cohort requires them.

5. Worker screening and human resources policy

All workers delivering NDIS supports in risk-assessed roles must hold a valid NDIS Worker Screening Check. Your HR policy must document the pre-commencement verification process, how the provider monitors check currency, and what happens if a check is withdrawn. It must also cover mandatory reporter obligations, reference checks, probationary supervision, and ongoing performance management aligned to the Code of Conduct.

6. Restrictive practices policy and procedure

For SIL providers whose participants have behaviour support plans, this is a non-negotiable document. The policy must:

Define each category of regulated restrictive practice (physical, chemical, mechanical, environmental, and seclusion).
Confirm that no restrictive practice is used without authorisation under the relevant state or territory law and that a behaviour support plan prepared by a registered behaviour support practitioner is in place.
Set out how staff are trained to implement only the practices specified in a participant's plan, and no others.
Describe reporting obligations to the Commission and to the authorising body.
Include a reduction plan framework — the Commission requires providers to actively work toward eliminating regulated restrictive practices over time.

7. Emergency and disaster management policy

SIL providers operate around the clock, including during bushfires, floods, and other emergencies common across Australia. This policy must include individual emergency evacuation plans for each participant (accounting for mobility and communication needs), a business continuity plan that addresses how critical supports continue during a service disruption, and a communication tree for contacting families, guardians, and emergency services.

8. Medication management policy

Where SIL workers administer or assist with medication, a dedicated policy is required. It must address safe storage, documentation of administration, management of errors or adverse reactions, and the competency requirements for workers performing medication-related tasks. For high-complexity medication needs, reference to clinical governance arrangements and delegation frameworks is expected.

9. Safeguarding and abuse prevention policy

This policy operationalises the provider's obligations under the Code of Conduct to prevent, identify, and respond to abuse, neglect, exploitation, and violence. It must define what constitutes each form of harm, set out the mandatory reporting pathway (internally and to the Commission and/or police where required), include a zero-tolerance statement, and describe how the provider creates a culture where workers feel safe to raise concerns without fear of reprisal.

10. Privacy and information management policy

SIL providers collect and hold sensitive personal and health information about participants. This policy must comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles, cover how information is collected, stored, accessed, and destroyed, and specify participant consent requirements for information sharing with third parties including allied health professionals and families.

What auditors actually look for: a practical table

Policy area	Common non-conformance	What good looks like
Incident management	Policy exists but workers cannot describe the reportable incident categories or notification steps	Workers trained annually; records show completed investigations with documented outcomes
Restrictive practices	Practices recorded in daily notes that do not appear in the approved behaviour support plan	Strict plan-to-practice alignment; deviation triggers immediate review
Complaints	Complaints log is blank or only records resolved complaints — not all complaints received	Every complaint logged at receipt, with status, action, and outcome tracked
Worker screening	Clearance numbers recorded but expiry dates not monitored	Centralised register with calendar alerts 60+ days before expiry
Medication	Medication administration records incomplete or administered by unqualified workers	Signed MAR for every dose; competency records on file for each administering worker

Building your policy suite: a step-by-step approach

Map your services to the Practice Standards modules. Confirm which supplementary modules apply to your SIL service types (most will need High Intensity Daily Personal Activities and Behaviour Support at minimum).
Audit existing documents against current requirements. Many providers have policies written for pre-2022 standards that have not been updated to reflect the strengthened framework.
Assign a policy owner to each document. Policies without an owner tend to drift out of date. Assign a named role (not a person) and set a minimum annual review cycle.
Engage your workers in procedure design. Frontline SIL workers often identify gaps that management misses. Include their input in procedure development and document that consultation.
Build an evidence file alongside each policy. Auditors require evidence of implementation: training records, completed forms, meeting minutes where policies were discussed.
Conduct a mock audit before your certification date. Use the NDIS Commission's published quality indicators to self-assess against each standard, identify gaps, and remediate before an external auditor arrives.

Getting audit-ready without starting from scratch

Developing a compliant, implementation-ready policy suite from scratch is time-consuming. If you are preparing for initial registration or recertification, the 74-document SIL compliance kit available at ndiscompliant.com.au covers every policy area outlined above, pre-mapped to the current Practice Standards and ready to customise for your organisation.

Whether you use a pre-built kit or build internally, the principle is the same: every document must reflect your actual practice, be understood by your workers, and be supported by evidence you can produce on the day of your audit.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.