How long does a provider have to submit a corrective action plan after an audit?

The timeframe is set by the approved quality auditor or the NDIS Commission and depends on the severity of the non-conformance. Major non-conformances — those posing a direct risk to participant safety — typically attract shorter timeframes than minor non-conformances. Your audit report or compliance notice will specify the exact deadline, which must be met or extended by agreement with the auditor or Commission.

What happens if a provider does not submit a corrective action plan on time?

Failure to submit a satisfactory CAP within the required timeframe is itself a compliance matter. The NDIS Commission may place conditions on a provider's registration, refuse to renew registration, or in serious cases suspend or cancel registration under the NDIS Act 2013. Prompt, thorough action is essential.

Can a corrective action plan be rejected?

Yes. An approved quality auditor or the Commission can assess a submitted CAP as insufficient if the root cause analysis is inadequate, if actions do not address the non-conformance, if due dates are missing, or if proposed evidence of completion would not actually demonstrate a change in practice. Providers are then required to revise and resubmit.

Do minor non-conformances require a corrective action plan?

Yes. Both major and minor non-conformances identified during an NDIS audit require a corrective action plan. The difference lies in the timeframe and the urgency of the response. Minor non-conformances may allow a longer period for resolution, but they must still be formally addressed with documented corrective and preventive actions.

Should participants be involved in a corrective action plan?

Where a non-conformance directly affected participants, the 2026 strengthened NDIS Practice Standards expect providers to demonstrate participant involvement in the response — at a minimum by informing affected participants and their advocates, and ideally by including their input in designing the remedy. This reflects the Commission's emphasis on participant voice and co-design.

Is there a standard NDIS corrective action plan template?

The NDIS Commission does not mandate a single prescribed template, but approved quality auditors assess CAPs against consistent criteria drawn from the Practice Standards. Providers are free to use their own format, provided all required elements — non-conformance reference, root cause, actions, owners, due dates, evidence, and verification method — are clearly addressed.

What is a Corrective Action Plan? A Guide for NDIS SIL Providers (2026)

What Is a Corrective Action Plan Under the NDIS Framework?

A corrective action plan (CAP) is a structured, written response that an NDIS registered provider must produce whenever an approved quality auditor or the NDIS Quality and Safeguards Commission (the Commission) identifies a non-conformance with the NDIS Practice Standards. It is not a voluntary improvement document — it is a compliance obligation, and failure to complete a satisfactory CAP within the required timeframe can result in conditions being placed on your registration, suspension, or cancellation.

For Supported Independent Living (SIL) providers and other registered providers delivering higher-risk supports, corrective action plans sit at the heart of the audit cycle. Under the strengthened NDIS Practice Standards framework that took full effect in 2026, the expectations around root-cause analysis, participant involvement, and verification of closure have become considerably more rigorous.

When Does a Provider Need a Corrective Action Plan?

A CAP is required in any of the following situations:

An approved quality auditor identifies a major non-conformance or minor non-conformance during an initial registration audit, renewal audit, or surveillance audit.
The Commission issues a compliance notice or written direction following a complaint investigation, reportable incident review, or monitoring activity.
A provider's own internal audit or quality management review uncovers a systematic failure against the Practice Standards — while not always mandated externally, a documented CAP demonstrates the continuous improvement culture auditors expect to see.
A restrictive practice has been used outside the conditions of a behaviour support plan, prompting Commission follow-up.

Major non-conformances — those posing a direct risk to participant safety, rights, or wellbeing — attract the shortest timeframes for resolution and the most scrutiny from auditors at the verification stage.

What Must a Corrective Action Plan Include?

The NDIS Commission does not prescribe a single mandatory template, but approved quality auditors and Commission officers assess CAPs against consistent criteria drawn from the Practice Standards and the Commission's audit frameworks. A compliant CAP must address each of the following elements:

Reference to the specific non-conformance. Quote the Practice Standard clause (or sub-element) that was not met. For example, if the finding relates to incident management, cite the relevant Core Module requirement and the exact evidence gap identified in the audit report.
Description of the problem and its scope. Explain what was found, which participants or cohorts were affected, how long the gap existed, and how it was detected. Avoid vague language — auditors expect specifics.
Root cause analysis. This is the element most commonly done poorly. A CAP that says "staff were not trained" without explaining why training did not occur will not satisfy a major non-conformance. Use a structured method (5 Whys, fishbone diagram, or similar) and document your findings in plain language.
Corrective actions. List every discrete action required to close the non-conformance. Each action must have a named person responsible (role title is acceptable), a due date, and a description of the output — for example, "update the incident reporting procedure" is weaker than "revise Procedure INM-002 to include mandatory escalation to the NDIS Commission within 24 hours of a reportable incident, for sign-off by the Quality Manager by [date]".
Preventive actions. Beyond fixing the immediate gap, describe what systemic change will prevent recurrence. This might include a new internal audit schedule, a policy review cycle, refreshed induction training, or a supervisor oversight protocol.
Evidence of completion. For each action, specify what evidence will exist when it is done — revised policy version, training attendance records, meeting minutes, updated risk register entry, or a new monitoring report template.
Verification method and date. State how and when your organisation will verify that the corrective action has been embedded in practice — not just documented. Auditors check this at the subsequent surveillance audit.
Participant involvement (where appropriate). The 2026 strengthened framework places increased emphasis on co-design and participant voice. If the non-conformance directly affected participants, document how they or their advocates were informed, consulted, or involved in designing the remedy.

Corrective Action Plan vs. Improvement Plan: Understanding the Difference

Feature	Corrective Action Plan	Improvement Plan / Quality Initiative
Trigger	Non-conformance identified by auditor or Commission	Provider-initiated; no non-conformance required
Mandatory?	Yes — non-compliance may affect registration	No — reflects good practice culture
Timeframe	Set by auditor or Commission; often 30–90 days for major non-conformances	Set by provider at discretion
Verification	Assessed by approved quality auditor or Commission officer	Internal review only unless included in audit scope

Common Mistakes Providers Make with Corrective Action Plans

Based on the types of non-conformances commonly identified across NDIS audits, the following errors frequently cause CAPs to be rejected or require resubmission:

Treating a policy update as the entire solution. Rewriting a procedure document fixes documentation — it does not fix practice. Auditors expect evidence that staff have received the updated procedure, understood it, and that practice has changed.
Vague root causes. Statements like "inadequate communication" or "staff were busy" do not constitute root cause analysis. Drill deeper until you reach a systemic or structural factor that can actually be changed.
Missing due dates or no named owner. Every action line in the CAP must have both a date and a responsible person. Open-ended actions with no deadline will be assessed as incomplete.
Closing the CAP before evidence exists. Marking an action "complete" before the revised training has been delivered, or before the updated policy has been approved and distributed, is a significant error that an auditor will identify at verification.
Not considering participant impact. Under the strengthened 2026 standards, providers are expected to demonstrate that participants are at the centre of quality and safeguarding responses — not just the administrative process.
Forgetting to link back to the specific Practice Standard clause. Each corrective action should trace back to the clause it addresses. This makes the auditor's verification task straightforward and demonstrates systematic thinking.

Practical Steps: How to Build a Corrective Action Plan That Closes

Obtain the audit report or compliance notice in writing and read every non-conformance finding carefully before drafting anything.
Assemble the right people — quality manager, team leader for the affected service, and a participant advocate or representative where the non-conformance affected a person's safety or rights.
Complete the root cause analysis before writing a single corrective action. Actions that do not address root cause will recur.
Draft each action line with the format: Action / Owner (role) / Due date / Evidence of completion / Verification method.
Set an internal review date at least two weeks before the external submission or audit deadline to allow time for corrections.
Track progress in a register — a shared spreadsheet or quality management system entry — so that nothing slips past the deadline.
At closure, compile all evidence into a single organised package (folder, PDF bundle, or QMS record) ready for auditor review.

A Note on the 2026 Strengthened Practice Standards

The NDIS Practice Standards were strengthened progressively from 2023, with the full revised framework applying to SIL and other high-intensity support providers by 2026. Key changes relevant to corrective action plans include:

Strengthened requirements around governance and operational management, meaning boards and senior leaders are now assessed on whether they understand and act on audit findings — not just quality teams.
Greater weight given to participant outcomes and voice as direct evidence of Practice Standards compliance, not simply policy documentation.
Tighter expectations around behaviour support and restrictive practices, where non-conformances are escalated more rapidly and CAP timeframes are correspondingly short.

If your organisation is preparing for a registration renewal audit or responding to a Commission compliance notice, having a bank of tested, clause-mapped quality documents substantially reduces the time it takes to produce a credible CAP. The 74-document audit-ready SIL compliance kit available at ndiscompliant.com.au includes a corrective action plan template, a non-conformance register, root cause analysis worksheets, and the full suite of core and SIL-specific policies mapped directly to the Practice Standards.

Summary

A corrective action plan is a provider's formal commitment to fixing an identified compliance gap — and to demonstrating, with evidence, that the fix is real and lasting. Done well, a CAP protects participants, satisfies auditors, and strengthens your organisation's quality systems. Done poorly, it delays registration renewal and can trigger further Commission scrutiny. The investment in getting it right, every time, is one of the most practical things a SIL provider can do in the current regulatory environment.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.