Is a WHS policy mandatory for NDIS registration?

Yes. Registered NDIS providers must demonstrate compliance with the NDIS Practice Standards, which require an active work health and safety system. This includes a documented WHS policy that is implemented, reviewed regularly, and supported by worker training and hazard management records.

How often should an NDIS WHS policy be reviewed?

At a minimum, an annual review is expected. You should also review your WHS policy after any significant incident, a change in the types of supports you deliver, relevant legislative amendments, or a change in your workforce or service environments.

Do SIL providers need site-specific risk assessments for each participant home?

Yes. Because SIL supports are delivered in individual participant homes rather than a single fixed workplace, auditors expect providers to have completed and documented a risk assessment for each support environment. Generic risk assessments that do not account for the specific hazards in each home are routinely flagged as non-conformances.

What happens if an auditor finds a major non-conformance in my WHS system?

A major non-conformance finding means the provider has not met a requirement of the NDIS Practice Standards. The provider will be required to submit a corrective action plan within a specified timeframe. If the non-conformance is not addressed, the NDIS Commission can take compliance action, which may affect registration status.

Can one WHS policy cover multiple registration groups?

A single WHS policy can apply across your organisation, but it must be sufficiently detailed to address the risks specific to each type of support you deliver. For providers registered across multiple groups — for example, SIL and community participation — the policy should reference group-specific hazards or link to supporting procedures that do.

What evidence do auditors actually ask for during a WHS audit?

Auditors commonly request your current WHS policy with version history, training records for all workers, documented hazard reports and outcomes, site-specific risk assessments, incident records with WHS review notes, and may conduct brief worker interviews to verify that staff understand their WHS obligations.

NDIS WHS Policy: What Auditors Look For

Why your WHS policy is a primary audit focus

Work health and safety sits at the intersection of two distinct but overlapping obligations for NDIS registered providers. Under the National Disability Insurance Scheme (Practice Standards — Quality Indicators) Rules, providers must demonstrate that they actively maintain a safe environment for both participants and workers. Alongside this, state and territory WHS legislation imposes a parallel duty of care. Approved quality auditors assess both simultaneously.

With the strengthened 2026 NDIS Practice Standards framework introducing more rigorous verification requirements, especially for higher-risk registration groups such as SIL (Supported Independent Living), providers who treat their WHS policy as a document-filing exercise rather than a living system face a significantly elevated risk of non-conformance findings.

The five areas auditors examine most closely

1. Policy scope and legislative alignment

The first thing an auditor establishes is whether your WHS policy explicitly references the applicable Work Health and Safety Act in your jurisdiction (for example, the Work Health and Safety Act 2011 at the Commonwealth level and its state and territory equivalents). A policy that omits this reference, or that references superseded legislation, raises an immediate concern.

Auditors also check that the policy covers all relevant duty-holders — the provider as the Person Conducting a Business or Undertaking (PCBU), workers, volunteers, and any contractors who work in participant homes or shared accommodation settings. SIL-specific risks such as manual handling, lone worker arrangements, and behaviour support interactions must be addressed either within the main WHS policy or in clearly referenced supporting procedures.

2. Hazard identification and risk management processes

A WHS policy without a functioning hazard identification and risk management process is one of the most common non-conformance findings. Auditors look for:

A documented process for workers to report hazards, near-misses, and unsafe conditions
Evidence that reported hazards are assessed using a recognised risk matrix or equivalent tool
Records showing that control measures were implemented and reviewed following each hazard report
Site-specific risk assessments for each participant's home or support environment (especially for SIL providers)
A schedule or trigger for reviewing risk assessments — such as after an incident, a change in a participant's support needs, or at defined intervals

The absence of documented risk assessments for individual support environments is frequently flagged as a major non-conformance for SIL providers, because the NDIS Practice Standards require providers to demonstrate that environmental risks have been actively considered in each setting where supports are delivered.

3. Incident reporting linkage

Under the NDIS (Incident Management and Reportable Incidents) Rules, providers have mandatory obligations to report certain incidents to the NDIS Quality and Safeguards Commission. Auditors verify that your WHS policy is visibly connected to your incident management system — not operating as a separate document with no cross-references.

They look for evidence that:

Workers know which WHS-related incidents trigger a reportable incident obligation under the NDIS rules
Your internal incident reporting form captures sufficient WHS information to support a Commission notification
Incidents are reviewed for WHS improvement opportunities, not merely reported and closed

4. Worker training and competency evidence

A written WHS policy is insufficient on its own. Auditors seek evidence that workers have been trained on its contents and that they understand their obligations. This typically means:

Training records or sign-off sheets showing which staff completed WHS induction
Evidence that role-specific WHS training was provided (for example, manual handling training for support workers, lone worker safety protocols for overnight SIL shifts)
Records of WHS refresher training, particularly following incidents or policy updates
Demonstration that new workers received WHS orientation before commencing unsupervised duties

Under the strengthened framework, auditors are increasingly looking for training that is tailored to the actual risks workers face in their role, not generic online modules that have no connection to the specific support environment.

5. Review, sign-off, and implementation evidence

Auditors consistently check the version control and review history of your WHS policy. A document with no review date, or one that was last updated several years ago, signals that the policy is not being actively maintained. Common requirements include:

A clearly visible review date and the name or role responsible for the next review
Sign-off from an appropriate member of leadership (typically the CEO, Operations Manager, or equivalent)
A version history or change log that shows what was updated and why
Evidence that the policy was communicated to staff following each update

Common non-conformance findings — and how to fix them

Finding	Why it matters	The fix
Policy exists but has never been reviewed	Suggests the provider is not actively maintaining a WHS system	Implement an annual review cycle with a calendar reminder and a review checklist
No site-specific risk assessments for SIL homes	Participant homes present unique environmental hazards that generic policies do not address	Complete a documented risk assessment for each support environment and attach to the participant's support plan
WHS policy not linked to incident management procedure	Auditors cannot verify the system is integrated	Add explicit cross-references between documents and align the incident form with WHS data capture requirements
No evidence of worker training	Policy intent cannot be verified without training records	Create a training register and retain sign-off sheets for all WHS inductions and refreshers
Lone worker risks not addressed	SIL workers often work unsupervised overnight or in remote settings	Add a lone worker safety procedure with check-in protocols and escalation contacts
Generic policy not adapted to disability support context	Fails to demonstrate awareness of the specific hazards in NDIS service delivery	Revise the policy to name relevant risks: manual handling, behaviour support, medication handling, and environmental safety in participant homes

What a compliant WHS policy structure looks like

The following is a realistic excerpt from a compliant WHS policy structure. This is illustrative — providers should adapt it to their specific registration group, support types, and state or territory obligations.

Section 3: Hazard Identification and Risk Control

3.1 Purpose
To ensure that all workplace hazards are identified, assessed, and controlled in order to protect the health, safety, and welfare of workers, participants, and visitors in all settings where [Provider Name] delivers NDIS supports.

3.2 Process
All workers are required to report hazards, near-misses, and unsafe conditions using the Hazard Report Form (Form WHS-02). Reports are submitted to the designated WHS Contact within 24 hours of identification.

3.3 Risk Assessment
Each reported hazard will be assessed using the [Provider Name] Risk Assessment Matrix (Appendix A) within five (5) business days. Control measures will be selected in accordance with the hierarchy of controls.

3.4 SIL-Specific Requirements
A documented environmental risk assessment will be completed for each participant's home prior to the commencement of SIL supports and reviewed:
- At least annually
- Following any incident in the home
- Following a change in the participant's support needs or behaviour support plan

3.5 Review
This section of the policy was last reviewed: [Date]. Next scheduled review: [Date + 12 months]. Approved by: [Name, Title].

Preparing for your audit: a practical checklist

Confirm your WHS policy references the correct jurisdiction's Work Health and Safety Act
Verify the policy covers all duty-holders, including contractors and volunteers
Check that a documented hazard reporting process exists and that workers can describe it
Locate site-specific risk assessments for every environment where you deliver supports
Pull training records for all current workers — confirm WHS induction is documented
Cross-reference your WHS policy with your incident management procedure
Confirm the policy has a review date within the last twelve months and a sign-off from leadership
Ensure lone worker arrangements are specifically addressed if relevant to your service model

If you are building or rebuilding your WHS documentation ahead of registration or re-registration, the 74-document audit-ready SIL compliance kit at ndiscompliant.com.au includes a pre-written WHS policy, site risk assessment templates, hazard report forms, and training registers — all formatted to align with current NDIS Practice Standards requirements.

The 2026 strengthened framework: what is changing

The NDIS Commission's strengthened Practice Standards introduce a greater emphasis on active implementation rather than document possession. For WHS specifically, this means auditors are expected to seek more substantive evidence that your WHS system is embedded in day-to-day operations — through worker interviews, observation of support environments, and review of records — not simply by confirming that a WHS policy file exists. Providers who have not reviewed their WHS documentation since the previous audit cycle should prioritise this as an immediate action before their next audit date.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.