The blank page is the hardest part of policy work. Here's the core set of policies most NDIS providers need, what makes one audit-ready, and a faster way to get them written.
The Accorda Team · 24 June 2026
Ask most providers what they find hardest about compliance, and policies are near the top of the list. Not because the work is mysterious — because the blank page is daunting, the list feels endless, and a generic template you found online never quite fits the service you actually run.
This guide lays out the core policies most NDIS providers need, what separates a policy that satisfies an auditor from one that doesn't, and a faster way to get them written without starting from scratch. The focus is NDIS, but if you're in aged care or childcare the same logic applies — your standards differ, the discipline is identical.
It's tempting to treat policies as paperwork — a box to tick before an audit. But your policies are, quite literally, what you're assessed against. The NDIS Practice Standards expect you to have documented systems covering how you're governed, how you deliver supports, how you protect participants' rights, and how you manage your workforce. A policy isn't a formality; it's the evidence that you've thought about how your service operates and committed it to something more durable than memory.
And here's the part that catches providers out: a policy on its own isn't enough. An auditor wants to see that the policy is current, that it fits your actual service, that your staff have read it, and that you follow it in practice. A beautifully written policy nobody has signed or applied is, to an auditor, barely a policy at all.
There's no single universal checklist — the exact policies you need depend on the supports you're registered to deliver. A provider offering specialist behaviour support carries obligations a provider offering basic community access doesn't. That said, most NDIS providers find they need policies across these areas.
Governance and management (how decisions are made and who's accountable)
Risk management
Quality management and continuous improvement
Financial management
Emergency and disaster management
Participant rights, dignity, choice and control
Preventing and responding to abuse, neglect and exploitation
Restrictive practices and behaviour support (where applicable)
Privacy, confidentiality and information management
Consent
Service access and service agreements
Support planning and review
Medication management (where applicable)
Infection prevention and control (where applicable)
Human resource management
Worker screening and recruitment
Code of conduct
Training and ongoing competency
Incident management (including reportable incidents)
Complaints and feedback handling
Work health and safety
If you also deliver in aged care or childcare, you'll carry a parallel set built around the Aged Care Quality Standards or the childcare National Quality Framework respectively. The themes rhyme — governance, safeguarding, workforce, incidents — but the specific requirements and the regulator differ, so the documents shouldn't simply be copied across.
Treat the list above as a starting map, not a finish line. The right move is to confirm it against the specific Practice Standards that apply to your registered supports.
Having a document with the right title isn't the same as having a policy that holds up. Five things separate the two.
It's specific to your service. A generic template that could describe any provider in the country tells an auditor you downloaded it, not that you thought about it. Your policies should reflect your actual supports, settings, roles and processes.
It's current. A policy that references a superseded framework or a review date three years past is a finding waiting to happen. Each policy needs a clear review cycle and a date that proves it's been kept alive.
It maps to the standard. You should be able to point to the requirement each policy addresses. When an auditor asks "show me how you meet this standard," the answer should be a document, not a story.
Your staff have signed off on it. A policy is a control only if the people it governs have actually read it. Being able to show who acknowledged which policy, and when, turns a document into evidence.
It's reviewed and improved. Policies aren't write-once. When a regulation changes or an incident reveals a gap, the policy should change too — and that trail of revisions is itself proof you run a living system.
A policy you can't produce, your staff haven't read, or that hasn't changed in years isn't compliance. It's decoration.
If policies are this important, why do so many providers fall behind on them? Three reasons, and they compound.
The blank page is the real enemy. Knowing you need an incident management policy is easy; sitting down to write one that's complete, correct and specific to your service is a different thing entirely — especially when it's the fourth one you've written that week.
Generic templates don't fit. The free templates floating around are written for nobody in particular, which means they're a poor fit for everybody. You spend as long stripping out what doesn't apply and bolting on what does as you would have spent writing it.
And it's never the priority. Policy work is important but rarely urgent — until an audit looms, at which point it becomes both, all at once, and the scramble begins.
This is the gap Accorda's AI policy tools are built to close. Instead of staring at a blank document, you pick the policy type and the AI writes a tailored first draft for your service — usually in a few minutes. You answer a couple of plain questions about your business (what supports you deliver, who your team is), and the draft reflects that rather than describing a generic provider.
From there you edit and fine-tune — with the AI's help if you want it — and you sign it off before anything goes live. Nothing publishes automatically. The AI produces a starting draft, not legal advice, and it's designed to be read carefully, customised to your business, and where appropriate run past a professional before it becomes your official policy.
It works the other way too. If you already have a policy library, the AI policy review reads your existing documents and flags the gaps an auditor would likely find — so you can see what's missing or weak and fix it, rather than discovering it on audit day.
Once your policies exist, the rest of Accorda keeps them honest: staff sign-offs recorded against each one, review reminders before they fall due, and Regulatory Radar flagging when a change affects a policy you've already written — so your library stays current instead of quietly ageing.
You'll always own your policies — the judgement, the customisation, the final sign-off are yours, and they should be. What you don't have to own is the blank page. Getting a complete, sector-specific first draft in minutes turns policy work from a project you dread into a review you can actually get through.
Want to see your first policy drafted in minutes? Start your free 14-day trial at accorda.com.au — no credit card required.
This article is general information for Australian care and regulated businesses and isn't legal or compliance advice. Always check the current requirements that apply to your service and registration.
Start today
Try Accorda free for 14 days. Full features, no credit card, no auto-charge.
