Here's the trap most first-time SIL providers fall into. They search "NDIS policies list," download a folder of policy titles, fill in their organisation name, and assume they're ready. Then the audit comes and the auditor doesn't ask "do you have an incident management policy?" — they ask "show me the last three incidents, the procedure your staff followed, the register where they're logged, and the evidence you notified the Commission." A policy document is one quarter of the answer. The other three quarters are the procedure, the register, and the form. Miss any layer and the outcome is flagged.
So this checklist is organised the way an audit actually works — by document layer and Practice Standard outcome, not by a tidy list of titles. If you want the companion piece that lists the 25 core policy areas one by one with what each must cover, our NDIS policies and procedures for SIL: the 25-policy checklist does exactly that. This article is the level above it: the full document system, the 2026 additions, and the order to build it in.
The four document layers (and why a policy alone fails)
Every NDIS Practice Standard outcome is assessed against evidence, and that evidence comes in four layers. Think of them as a chain — break one link and the whole outcome is weak:
| Layer | What it is / what an auditor wants from it |
|---|---|
| Policy | What you do and why. Your organisation's position and commitment on a topic — incident management, medication, privacy. States the principle and points to the procedure. Auditors read it for intent and for the Practice Standard outcome it cites. |
| Procedure | How you do it. The step-by-step a worker follows so the policy happens the same way every time — including at 2am in a SIL home with no manager present. This is where most "good policy, no practice" failures live. |
| Register | Proof it's happening over time. A live log — incidents, complaints, risks, worker screening, training, continuous improvement. A register that hasn't been touched in months tells the auditor the policy isn't real. |
| Form / template | The transaction record. The single incident report, the signed service agreement, the medication chart, the supervision note. Forms are what the auditor samples to test whether the procedure was actually followed in a specific case. |
The reason this matters for your checklist: counting "policies" undercounts the work. A realistic small-provider SIL document set is roughly 25 policy areas, each with its supporting procedures, plus around 10 operational registers and around 25 forms — which is why a complete, audit-mapped kit runs to dozens of documents, not a handful. If a vendor sells you "10 SIL policies" and nothing else, you have one layer of a four-layer requirement.
Policy vs procedure: the distinction auditors test
This is the single most common point of confusion, and getting it right is the difference between a clean audit and a list of corrective actions. The NDIS Practice Standards describe outcomes and the evidence of those outcomes — they don't hand you a numbered document list, which is why the architecture is left to you. But the standards clearly expect both the principle and the practice:
- A policy answers "what is our position and why?" — e.g. "We manage medication to keep participants safe and we comply with the NDIS Practice Standards and relevant state medication legislation."
- A procedure answers "what are the exact steps?" — e.g. "1. Check the participant's name and the chart. 2. Confirm the medication, dose, route and time. 3. Witness as required. 4. Sign the medication chart immediately. 5. If an error occurs, follow the incident procedure and notify the team leader within 30 minutes."
Auditors test the gap between the two. A frequent flag pattern: the policy says "progress notes are written within 24 hours," the auditor pulls a random shift, and the note is four days late. The fix there is operational, not documentary — but your procedure has to describe the real, achievable workflow, and your records have to match it. If you only buy or write policies and never write the procedures underneath them, you've documented your intentions and left your staff to improvise the practice. That improvisation is exactly what an on-site audit catches.
See the full document set before you build it
The SIL Rescue Kit is the complete set — policies, procedures, registers and forms — pre-mapped to the NDIS Practice Standards, including the four new 2026 SIL outcomes. 74 editable Word documents, $297 one-time, versus $4,400–8,000 for a consultant. You can read every page free before you decide.
See what's in the kit →The core document set, mapped to the Practice Standards
Below is the core checklist, grouped by the four Core Module divisions an auditor works through. Each row is a policy area that needs a policy and its procedure(s) and the register/form that proves it runs. Use it as a gap-check: tick what you have at all four layers, flag what you don't.
| Core Module division | Policy areas you need (each with procedures + records) |
|---|---|
| Rights & Responsibilities | Person-centred supports · privacy & confidentiality · independence & informed choice · cultural safety · safeguarding (preventing violence, abuse, neglect, exploitation & discrimination) · complaints & feedback |
| Governance & Operational Management | Governance framework & key personnel · risk management · incident management · information & records management · human resources & recruitment · worker screening · supervision · work health & safety · continuous improvement · financial / claims accuracy |
| Provision of Supports | Access & intake · support planning linked to participant goals · service-agreement use · support delivery & progress notes · transitions in and out of the service |
| Supports Environment | Safe environment / house safety · participant money & property · medication management · mealtime management · infection prevention & control · emergency & disaster management |
Two of these areas cause more SIL non-conformances than any other, so build them properly first: incident management (the policy is easy; the live register, the reportable-incident notifications and the staff who can describe the procedure are what's tested) and worker screening (a clearance on file isn't enough — the auditor wants a register that tracks every worker's screening status and expiry). We cover both in depth in our SIL incident management guide and SIL worker screening requirements. For the line-by-line version of every policy area above, the 25-policy checklist walks each one with what it must contain.
What the four new 2026 SIL outcomes add
This is the part of your document set that's genuinely new — and the part most legacy policy packs don't cover. From 1 July 2026, in-scope SIL providers are certified against the Core Module plus a new supplementary SIL Practice Standards module with four outcomes. Your Core Module documents above still apply; these four add SIL-specific documents on top.
| New SIL outcome | What your document set must now evidence |
|---|---|
| Supported Decision-Making | A policy and procedure for supporting (not substituting) participant choice; records showing how participants are supported to make their own decisions about their home, routines and supports — and how that's evidenced when a participant has limited capacity. |
| Safety | Per-home safety arrangements: environmental risk assessments, emergency and evacuation plans specific to each property, and restrictive-practice authorisation records where any restrictive practice is used (or a clear "none used" position). |
| Workforce Competence and Consistency | Evidence that the workers in each home are competent and consistent — training records mapped to participant needs, induction and competency sign-off, and rostering that supports continuity rather than a churn of unfamiliar faces. |
| Housing and Support Security | SIL service agreements that clearly separate tenancy from support, so a participant's right to their home isn't tied to staying with you as their support provider — plus the transition documentation if support changes. |
The most overlooked of these is Housing and Support Security, because it changes a document you probably already have: your service agreement. Under the new outcome, the agreement has to keep the participant's tenancy and their support arrangement distinct — a point we unpack in our tenancy vs service agreement guide. The full breakdown of all four outcomes is in our new SIL Practice Standards 2026 explainer, and for the Safety outcome specifically, restrictive-practice authorisation is its own discipline — see restrictive practice authorisation for SIL.
Registers and forms: the evidence layer
A policy on its own does not pass an audit. The Commission's assessors check policy against implementation, and implementation lives in your registers and forms. At minimum, a SIL document set needs these registers running and current:
- Incident register — every incident logged, reviewed, and where reportable, notified to the Commission.
- Complaints register — complaints, the response, the resolution and any systemic change made.
- Risk register — organisational and participant-level risks, reviewed on a real cycle.
- Worker screening register — every worker's screening status and expiry date, actively tracked.
- Training register — who's trained in what, with currency dates (first aid, medication, NDIS orientation, Code of Conduct).
- Continuous improvement register — what you found, what you changed, when.
And the forms that generate the records auditors sample: SIL service agreement, incident report, support plan, medication chart, supervision record, induction checklist, house safety inspection, and per-home emergency plan. The rule of thumb: if a procedure describes an action, there should be a form that records it and, over time, a register that aggregates it. For a worked view of how an assessor moves from policy to form to register on any given outcome, our NDIS audit evidence guide walks the three-leg model (document, implementation record, observable practice), and what auditors check for SIL providers shows the same logic applied across a real audit.
The build order: where to start before the deadline
With the 1 July 2026 deadline real and auditors booking out, the question isn't whether to build the set — it's the order. Building everything at once is how providers end up with 25 half-finished documents and nothing audit-ready. Build in this sequence:
- The non-negotiables auditors check first. Incident management, worker screening, and restrictive-practice authorisation (or a documented "none used"). These are the outcomes the Commission treats as safety-critical; a gap here can cap an otherwise-strong audit. Get the policy, procedure, register and form working for these before anything else.
- The four new 2026 SIL outcomes. Supported decision-making, per-home safety/emergency plans, workforce competence records, and tenancy-separated service agreements. These are new, so they're the most likely to be missing entirely from an off-the-shelf pack.
- The rest of the Core Module set. The remaining policy areas in the checklist above — governance, privacy, complaints, medication, mealtime, WHS, financial — each customised and each with its procedure and records.
- The audit-evidence map. A single document that lists each record and the Practice Standard outcome it covers, so the auditor (and you) can see coverage at a glance. This is what turns a folder of documents into an audit-ready system.
Crucially, "build" doesn't mean "write and file." Every document has to be customised to your real organisation — your name, ABN, key personnel, participant cohort, the specific homes you run — and then used, so the registers have real entries before audit day. A pristine, never-used document set reads as a template to an experienced assessor, and template-recognition is itself a non-conformance signal. If you're working back from a known audit date, our how to prepare for your NDIS SIL audit guide sequences the weeks before, and the broader registration steps are in the SIL registration timeline for 1 July 2026.
Don't build 74 documents from scratch against a deadline
The SIL Rescue Kit gives you the complete document set already mapped to the Practice Standards and the four new SIL outcomes — policies, procedures, registers and forms, all editable in Word. $297 one-time, with a 30-day pre-download refund. Read every page free, then decide.
Preview the full kit →The document-set mistakes that cause non-conformances
From the auditor's side of the table, the same document-set failures recur. Check yours against these before you book:
- Policies with no procedures. You stated the intent and never wrote the steps. Staff improvise, and the on-site interview exposes it.
- Procedures no one follows. The procedure describes a workflow your team can't actually do (notes within 24 hours, but no time rostered for them). Documentation and practice diverge.
- Empty registers. A risk register or continuous-improvement register with no entries says the policy exists on paper only.
- Uncustomised templates. Placeholder text, "Generic Provider Pty Ltd," or a policy that mentions services you don't deliver. Immediate template-recognition flag.
- No outcome mapping. The documents exist but nothing tells the auditor which Practice Standard outcome each one covers, so they can't quickly confirm coverage. Add an outcome citation to each document's header.
- Missing the 2026 layer. A pre-2026 pack that covers the Core Module but none of the four new SIL outcomes. Common, and increasingly costly as the deadline passes.
The honest summary: a SIL document set is a system, not a folder. The policy says what; the procedure says how; the form captures the instance; the register proves the pattern; and an outcome map ties it all back to the Practice Standards. Build all four layers, customise them to your real service, use them before audit day, and you walk into your audit able to answer "show me" instead of "we have a policy for that."
Frequently asked questions
What is the difference between a policy and a procedure in NDIS SIL compliance?
A policy states what you do and why — your organisation's position on a topic. A procedure states how you do it, step by step, so any worker can follow it consistently. The NDIS Practice Standards expect both: an auditor reads the policy for intent, then samples the procedure and records to check it's actually carried out. A policy with no matching procedure is a common non-conformance.
How many policies and procedures does a SIL provider need?
There's no number set by the Commission — the Practice Standards describe outcomes and evidence, not a document count. As a baseline, most small SIL providers need around 25 core policy areas (each with procedures), roughly 10 operational registers, and around 25 forms. What matters is coverage: every outcome an auditor samples must be addressed by a document they can find, and every document must be in use.
Do the 2026 SIL Practice Standards change which documents I need?
Yes. From 1 July 2026, in-scope SIL providers are certified against the Core Module plus a new supplementary SIL module with four outcomes: Supported Decision-Making, Safety, Workforce Competence and Consistency, and Housing and Support Security. Your existing Core Module documents still apply, but you also need documents evidencing those four SIL-specific outcomes — including service agreements that separate tenancy from support.
When do my SIL policies and procedures need to be ready?
Mandatory SIL registration begins 1 July 2026, with 1 October 2026 the apply-by milestone in the Commission's transition guidance. Your full set has to exist and be in use before your certification audit — and auditors are booking out well ahead in 2026. Your documents should be customised, implemented and generating records weeks before audit day, not the night before. Confirm your exact pathway with the NDIS Commission.
Important: This article provides general guidance about NDIS SIL documentation requirements. It is not legal or professional advice, and the Practice Standards, transition pathways and deadlines are detailed and subject to change. Always confirm your exact obligations, your registration pathway, and the documents your audit requires with the NDIS Quality and Safeguards Commission before acting.