Registered NDIS providers carry obligations across several areas at once — and each one generates documents an auditor will ask for. The trouble is that each also goes stale the moment no one's maintaining it. Here's the core set every registered provider needs to keep current, and what "current" actually means for each.

The five obligations that produce your core documents

The NDIS Quality and Safeguards Commission Rules set out the obligations that apply directly to providers. Five of them generate the documents at the heart of any audit: [SOURCE: QS Commission Rules — Rules Directly Affecting Providers items 1–5]

Key points

• A Code of Conduct applies to all providers and everyone you engage — registered or not

• An incident management system is required to handle reportable incidents

• A complaints management process is required, including keeping records of complaints received

• Worker screening must be managed for risk-assessed roles

• Behaviour support arrangements apply where restrictive practices are used

What each one means in practice

• Code of Conduct — applies to all NDIS providers and persons they employ or engage, whether or not the provider is registered. [SOURCE: QS Commission Rules item 1] Your induction, training records and conduct policies all trace back to this.

• Incident management and reportable incidents — registered providers must manage certain incidents connected with delivering supports, and the Commission can require remedial action, an internal investigation, or an independent expert. [SOURCE: QS Commission Rules item 2]

• Complaints management and resolution — providers must manage complaints, make information available about how to complain (to the provider and to the Commissioner), and keep records of complaints received. [SOURCE: QS Commission Rules item 3]

• Worker screening — providers may only engage workers in certain roles with a clearance, and must manage the requirements around it. [SOURCE: QS Commission Rules item 4]

• Behaviour support and restrictive practices — where restrictive practices are used, providers must meet the reporting and oversight arrangements and comply with state and territory authorisation rules. [SOURCE: QS Commission Rules item 5]

"Current" is the operative word

Each of these isn't a one-time document — it's a living obligation. A complaints policy with no complaints register behind it, an incident system no one's logged against, a behaviour support arrangement that's drifted from the authorisation rules: each is a gap an auditor will find. Keeping them current is the difference between a clean audit and a corrective action plan.

Practiso holds these as living documents — when the rules change, it flags the policies affected, so you're never relying on a document that's quietly gone out of date.

Keep your core documents current →