Getting staff to sign a policy once is easy. Proving they've read the current version — when the rules keep changing — is where audits are won or lost. Here's how.
The Accorda Team · 28 June 2026
Most care providers have policies. Far fewer can prove their staff have actually read them.
That gap is one of the first things an auditor goes looking for — and it's one of the easiest places to come unstuck. You can have a beautifully written incident policy, but if there's no record that the support worker who handled last month's incident had ever read it, the policy did nothing. On paper you're compliant. In practice, you can't show it.
This post is about closing that gap: what a policy sign-off actually proves, what auditors accept as evidence that staff know the rules, and why the part most providers get wrong isn't getting staff to sign — it's keeping those sign-offs current when the rules change.
It applies across the board — NDIS, aged care, allied health, dental and early learning all carry workforce expectations that staff are competent, trained, and supported, with records to prove it. And it's the practical follow-on from our companion piece, What Auditors Are Really Looking For: if that post explained that auditors test whether your staff follow your policies, this one is how you show they do.
A policy is a statement of intent. A sign-off is evidence that the intent reached the people who have to act on it.
That distinction matters more than it sounds. When something goes wrong and a regulator asks how it happened, "we had a policy" is a weak answer on its own. The stronger answer is: "we had a policy, every relevant staff member acknowledged it on this date, and here's the record." One is a document. The other is a control — a system that demonstrably shapes how people behave.
An unsigned policy is just a document. A signed one — with a name, a date, and a fresh sign-off when it changed — is a control.
This is exactly the lens an auditor brings. Under the NDIS Practice Standards, human resource management is a core requirement: providers are expected to have a system for identifying, planning, recording and evaluating workers' training, and auditors will examine training and induction records and interview staff about it. Aged care's strengthened Quality Standards put workforce capability front and centre, with the same emphasis on being able to demonstrate it. The National Quality Framework expects early learning services to show educators are qualified and supported. Different frameworks, one shared expectation: don't just tell us your staff are across the rules — show us.
Auditors aren't looking for anything exotic. They're looking for a clear, dated trail. In practice that usually means a few things working together.
Acknowledgement of policies. A record that each staff member has read and signed off on the policies relevant to their role — with a name and a date attached, not a vague "all staff were emailed the handbook." The date is what turns it from a claim into evidence.
Induction and onboarding records. Proof that new starters completed their orientation before they began working unsupervised — including, for NDIS workers, the mandatory NDIS Worker Orientation Module. An auditor will often sample a recent hire and ask to see exactly this.
Role-specific and refresher training. Evidence that staff doing higher-risk work have the specific competencies for it, and that training is refreshed rather than done once and forgotten. For some supports this is explicit — the NDIS Practice Standards, for instance, require recorded, participant-specific training for things like complex bowel care or dysphagia management.
The common thread is that none of these are about the quality of your policy. They're about whether you can connect a real person to a real acknowledgement on a real date. That connection is the evidence.
Here's where good intentions quietly fall apart.
Getting staff to sign off on a policy once is the easy part. The hard part is what happens when that policy changes — and policies change constantly, especially with the pace of regulatory reform across the care sector right now.
The moment you update a policy, every sign-off against the old version is, in a sense, out of date. Your team acknowledged a document that no longer reflects what they're meant to do. If you're tracking this in a spreadsheet, nothing tells you this has happened. The sign-offs sit there looking complete, while the reality underneath them has shifted. Then an auditor pulls the policy, sees it was revised in March, checks the sign-offs, and finds half the team last acknowledged the previous version in the prior year. That's a finding — and a fair one.
This is the difference between a static record and a living one. A pile of one-time sign-offs gives false comfort. What you actually need is a system that knows when a policy has changed and brings the relevant staff back to re-acknowledge the new version — so "signed" always means "signed the current version," not "signed something, once, a while ago."
The same logic extends past version changes. Audit-readiness on the workforce side isn't a state you reach once; it's something that has to keep up with three moving parts: your policies change, your standards change, and your people change.
New staff join and need onboarding before they start. Existing staff need refresher training on a sensible cycle. Someone's competency for a specific support needs re-confirming. And all of it has to be visible — not just "did this happen" but "what's overdue right now, and who owns it." A provider who can answer that on any given day, without preparing for it, is in a completely different position to one who scrambles to assemble training records the week an audit lands.
That's also the deeper point auditors are making with the sector-wide shift from process to outcomes: they want evidence captured as you go, woven into daily work, not reconstructed under pressure. Workforce records are one of the clearest places that shows.
Plenty of providers run this on a spreadsheet, and for a very small team it can limp along. But it breaks in predictable ways.
It can't tell you what's overdue without someone manually cross-checking dates. It has no concept of policy versions, so it can't flag that a sign-off has gone stale. It relies on someone remembering to chase the people who haven't signed. And when the audit comes, producing a clean, person-by-person history means a fortnight of reconstructing records from emails and memory — which is exactly the scramble the whole exercise is meant to avoid.
The failure isn't the spreadsheet itself. It's that the work is fundamentally about change over time — versions, due dates, new starters, renewals — and a static grid of cells has no way to track change.
This is the gap Accorda is built to close, and it's worth being precise about what it does.
You assign policies to staff by role, and each person gets a clear training record: what they've acknowledged, what's still due, and what's overdue — with a simple completion figure so you can see at a glance how much of your team is signed and current. Every sign-off is captured with the exact date and time it was recorded, so an acknowledgement is a real, timestamped event, not a tick someone added later.
The part that matters most: when you publish a new version of a policy, the staff who need it are automatically brought back to re-sign. Your sign-offs don't silently go stale, because the system treats a changed policy as something that needs fresh acknowledgement — not a quiet edit nobody notices.
And when an auditor asks, the proof is already assembled. Accorda's evidence packs include a per-staff training record — every policy that person has acknowledged, anything still outstanding — alongside each policy's version history and the acknowledgement trail behind it, with integrity safeguards that let the records be checked independently. So instead of rebuilding history under pressure, you export it.
It won't make your staff competent — that's your team's work, and good training is still good training. What it does is make that work provable on the day someone asks, without the scramble.
Want your staff sign-offs to be audit-ready without chasing them? See how Accorda keeps policies, sign-offs and training records current and in one place at accorda.com.au.
NDIS Quality and Safeguards Commission — NDIS Practice Standards
NDIS Quality and Safeguards Commission — Worker orientation module
Aged Care Quality and Safety Commission — Strengthened Aged Care Quality Standards
ACECQA — National Quality Standard
This article is general information for Australian care and regulated businesses and isn't legal or compliance advice. Requirements differ by sector, registration and service type, and they change over time. Always check the current standards that apply to your service. Last updated June 2026.
Start today
Try Accorda free for 14 days. Full features, no credit card, no auto-charge.
