What is the difference between a document and evidence of compliance?

A document is a written statement of your policy or procedure. Evidence of compliance also includes records showing the policy is actually followed — for example, signed support plans, training completion logs, incident reports lodged on time, and complaints handled according to your procedure. Auditors look for both.

How long do we need to keep compliance records for NDIS audits?

The NDIS Commission does not set a single universal retention period; you must also comply with applicable state or territory legislation and any specific requirements in the Practice Standards. As a general principle, records relevant to an audit (including incident records and support plans) should be retained long enough to cover at least your current registration period plus any foreseeable complaint or investigation timeframe.

Can participant verbal feedback count as compliance evidence?

Verbal feedback can inform your quality improvement process, but auditors typically require it to be documented — for example, recorded in meeting notes, satisfaction survey summaries, or case notes — to be treated as verifiable compliance evidence. Undocumented verbal feedback cannot be substantiated during a desktop review.

What happens if an auditor finds a gap in our evidence?

The auditor records a non-conformance finding, which is classified as either a major or minor non-conformance depending on risk. Major non-conformances must be addressed before certification or re-certification is granted. Minor non-conformances require a corrective action plan with a defined timeframe. Both types are reported to the NDIS Commission.

Do SIL providers need more evidence than other registered providers?

SIL providers are assessed against the Core and Supplementary Practice Standards, including higher-risk modules such as Implementing Behaviour Support and High Intensity Daily Personal Activities. This means the volume and complexity of evidence required is generally greater than for lower-intensity registration groups.

How often do approved quality auditors assess SIL providers?

The audit type and frequency depend on your registration group risk classification and registration term. Higher-risk providers such as those delivering SIL may be subject to certification audits and mid-term surveillance audits. The NDIS Commission sets the specific audit schedule as part of the registration process.

What Evidence Proves Practice Standard Compliance?

Why the Type of Evidence Matters

Holding an NDIS registration means you have agreed to comply with the NDIS Practice Standards. But compliance is not self-declared — it is assessed by an approved quality auditor who examines concrete, verifiable evidence. The NDIS Commission uses this evidence to determine whether a provider's practices genuinely meet the standards or merely describe them on paper.

For Supported Independent Living (SIL) providers, the evidentiary bar is particularly high because SIL involves continuous, high-intensity support in a person's home. Under the strengthened 2026 framework, auditors apply increased scrutiny to person-centred practice, restrictive practice governance, and workforce competency. Understanding exactly what counts as evidence — and what gaps will trigger a non-conformance finding — is essential before your next audit cycle.

The Four Categories of Compliance Evidence

Auditors group evidence into four broad types. Strong compliance packages contain all four, not just documentation alone.

1. Documentary Evidence

Written policies, procedures, and templates are the foundation. Auditors expect to see:

A current, dated policy for every Practice Standard requirement relevant to your registration groups
Procedures that describe how staff actually carry out the policy in day-to-day work
Forms and templates that workers use (e.g. support plan templates, incident notification forms)
Evidence the documents have been reviewed on a defined cycle and updated when the Commission framework changed

Documents must be accessible to the staff who need them. A 200-page manual on a shared drive that nobody uses is a red flag, not a compliance asset.

2. Records of Practice

Records show that documented procedures are actually followed. For SIL providers, auditors routinely request:

Participant support plans signed by the participant (or their nominee) and reviewed at least as often as the NDIS Practice Standards require
Progress notes demonstrating staff are working toward the goals recorded in the plan
Incident reports lodged with the NDIS Commission within the required notification timeframes
Records of complaints received and the steps taken to resolve them
Restrictive practice authorisation records, including state or territory authorisation where required, behaviour support plans prepared by a registered behaviour support practitioner, and data-collection logs showing ongoing monitoring
Medication administration records where relevant

3. Workforce Evidence

The Practice Standards require providers to engage and maintain a skilled, safe, and supported workforce. Evidence auditors examine includes:

Pre-employment screening records, including NDIS Worker Screening Checks for all workers in risk-assessed roles
Induction records showing new workers completed orientation before unsupervised contact with participants
Training completion records for mandatory topics (e.g. the NDIS Code of Conduct, restrictive practices, emergency procedures, infection control)
Supervision records — both formal scheduled supervision and informal check-ins — demonstrating workers receive ongoing oversight and support
Performance review records
Records showing how the organisation responds when a worker is found not to meet expected conduct standards

4. Governance and Improvement Evidence

The NDIS Commission expects providers to operate quality systems, not just follow rules reactively. Evidence of governance includes:

Internal audit results, including findings and corrective actions
Board or management meeting minutes discussing quality and safety matters
Documented risk registers reviewed and updated regularly
Evidence that incidents and complaints are analysed for themes, not just closed case by case
Continuous improvement plans that trace back to audit findings, incident patterns, or participant feedback

What Auditors Actually Check: A Practical Breakdown

Approved quality auditors conduct both desktop reviews (examining your documents before the site visit) and on-site assessments (interviewing staff, participants, and observers, and checking physical environments). The table below maps common evidence types to the Practice Standard modules most relevant to SIL.

Practice Standard Area	Primary Evidence Auditors Request	Common Non-Conformance
Rights and Responsibilities	Participant agreements, advocacy information provided, records of participants directing their own support	Agreements not signed; no evidence participants understand their rights
Individualised Supports	Signed, current support plans; evidence of participant involvement in planning	Plans outdated, not participant-directed, or filed but never referenced in progress notes
Mealtime Management	Mealtime management plans where relevant, staff training records, dietitian or SLP assessments	Plans in place but staff not trained, or plans not updated after a health change
Restrictive Practices	Authorisation records, behaviour support plan, monitoring data, reduction plan milestones	Unauthorised restrictive practices in use; monitoring data missing; plan not from a registered practitioner
Incident Management	Incident register, NDIS Commission notification records, post-incident review notes	Notifications lodged late; incidents closed without root-cause analysis
Complaints Management	Complaints register, written outcomes to complainants, appeals records	Verbal-only complaints never recorded; no evidence complainants were told the outcome
Human Resources	Worker screening results, training logs, supervision schedules and records	Screening checks expired; no documented supervision; mandatory training gaps

Strengthened 2026 Framework: What Has Changed

The NDIS Commission's strengthened Practice Standards framework places greater emphasis on providers demonstrating outcomes rather than merely having policies. Key shifts that affect the evidence you need to produce include:

Person-centred practice evidence — auditors want to see that plans reflect what participants actually said, including contemporaneous records of conversations, not templated language
Participant feedback as a quality input — evidence that your organisation systematically collects, analyses, and acts on feedback from the people you support
Workforce culture indicators — interview questions directed at workers and participants to triangulate whether documented values match lived experience
Governance depth — for larger SIL providers, evidence that senior leadership actively monitors quality data, not just that a quality team exists

How to Build an Audit-Ready Evidence File

Map your registration groups to the specific Practice Standard modules that apply — do not collect evidence for standards you are not registered under, but do not miss any that do apply.
Create an evidence index that lists each standard, the document or record that satisfies it, the file location, the date of last review, and the person responsible.
Run an internal gap audit at least six months before your registration renewal or surveillance audit. Use the Commission's own guidance documents and audit criteria as your checklist baseline.
Address gaps systematically — document each gap, assign a corrective action owner, set a deadline, and record when the action was completed.
Conduct staff interview preparation — brief workers on what auditors ask and ensure their verbal answers align with what is in the documentation. Discrepancies between documents and staff accounts are a frequent non-conformance trigger.
Archive and date-stamp everything — auditors need to see a version history for key policies to confirm they are maintained over time, not created the week before the audit.
Review after every significant incident — post-incident governance evidence (root cause analysis, corrective action, monitoring) is among the most closely scrutinised evidence for SIL providers.

A Note on Templates and Pre-Built Kits

Many smaller SIL providers spend significant time building their documentation systems from scratch. If you are approaching registration or renewal, the 74-document audit-ready SIL compliance kit available at ndiscompliant.com.au provides a structured starting point — covering policies, procedures, forms, and registers mapped to the current Practice Standards — which you can adapt to your organisation's specific context rather than beginning with a blank page.

Regardless of the tools you use, customisation matters: auditors consistently find that providers who have simply downloaded generic templates without adapting them to their actual practices fail to demonstrate genuine compliance. Every document should reflect how your service actually operates.

Summary: The Evidence Auditors Want to See

In plain terms, auditors are answering one question: does this provider do what they say they do, and does what they do genuinely keep participants safe and support their rights? The answer is found not in a single policy document but in a consistent thread running from your written systems, through your records of practice, through your workforce capability, and into the real experiences of the people you support.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.