The Most Common NDIS Audit Non-Conformances

20 Mar, 2026

Non-conformances make providers nervous, but they shouldn’t!

A non-conformance isn’t a judgement that you’re a bad provider or that you don’t care about your participants, but it is a signal that there’s a gap somewhere in your systems. Knowing where those gaps are is genuinely useful, whether you’re preparing for an audit or just trying to run a better service – would you prefer the auditor to find a gap, or for that gap to go unnoticed until an incident happens later on?

Certain gaps are quite common. In this article, I’ll walk you through the most common non-conformances that I would spot in NDIS Certification audits, and hopefully provide you with some extra knowledge to make sure these gaps don’t exist in your own systems. (Note: keeping to the Core Module only for now!)

Emergency and disaster management

This is one of the most consistently flagged areas since the updated Practice Standards came into effect in 2021.

Many providers do have an emergency management policy (often a purchased one) that references their emergency management plans, how they’re reviewed, and who’s responsible for maintaining them. But the actual plans themselves haven’t been provided or developed at all. The policy describes a good system but the system hasn’t been built.

Every provider needs organisational emergency management plans regardless of the cohort they support. Emergencies and disasters don’t only affect people with high support needs. Your therapy clinic can be affected by fires or floods just as much as a high-needs group home, even if the response may differ. So you do need a plan. (Check out our guide for small providers on writing your emergency management plan.)

The second gap is individual emergency planning. Some providers, particularly those delivering lower-intensity supports (like therapeutic services where participants attend appointments independently), assume individual emergency planning isn’t relevant to their cohort. But the standard doesn’t allow you to simply not address it – sorry! What it does allow is for you to document that you’ve considered it and determined that a participant doesn’t require additional assistance in an emergency. A checkbox in a support plan or participant file that records that consideration is a good piece of evidence.

Not mentioning it anywhere isn’t the same as it not being applicable.

Quality management

Quality management is one of the most misunderstood standards in the Core Module, and the gap is usually conceptual rather than practical.

Many providers have a quality management policy or framework and believe that’s what the standard requires, but it’s not. The policy describes your approach to quality, but the quality management system is everything: your incident management, your complaints process, your continuous improvement activities, your internal audits, your feedback mechanisms, your governance structures. All of it together constitutes the system.

A provider who understands this tends to have a much easier time demonstrating compliance, because they can point to how all the pieces connect. A provider who thinks the policy document is the system tends to struggle to explain how quality is actually managed in their organisation, because they haven’t thought about it that way.

If you’re not sure whether you have a functioning quality management system, ask yourself: if something went wrong in my service, how would I know? How would I learn from it? How would I make sure it doesn’t happen again? How do I make sure my service is actually running in accordance with our documentation? If you can answer these questions and point to the processes behind them, you’re on the right track.

Providing information to participants

Several practice standards require providers to give participants information about specific aspects of their service: how to make a complaint, how incidents are managed, how their personal information is handled, and how to contact the NDIS Commission directly if they want to raise a concern. The requirement isn’t just to have these policies; it’s to actively provide this information to participants in a format that they can understand.

Two things commonly go wrong. The first is that it doesn’t happen at all: providers intend to cover it but don’t have a consistent process for making sure every participant receives it. The second is format. Handing a participant a 20-page policy document doesn’t meet the intent of the standard. The information needs to be accessible, which means it needs to be in a format, language, and level of complexity that suits that participant’s communication needs.

A purchased participant handbook that doesn’t reflect your actual service has the same problem as a purchased policy manual: it describes someone else’s business processes, and participants and auditors both notice.

Support planning

Some providers believe they don’t need support plans because of the nature of their work. This comes up regularly in audit reports, and it’s a misreading of the standard.

The support planning standard applies across service types. The level of detail and format of a support plan should be proportionate to the complexity of the supports being delivered, but the requirement to have one doesn’t go away because your service type feels more clinical or less care-intensive.

If you’re a speech pathologist, occupational therapist, or exercise physiologist delivering NDIS-funded supports, your participants need support plans. What those plans contain will look different from a SIL provider’s support plans, but they need to exist.

Transitions (particularly transitions out and temporary transitions)

Most providers have reasonable processes for transitions into their service. Getting participants onboarded, conducting initial assessments, and establishing support plans tends to be well documented because it’s the start of the relationship and providers are naturally focused on it.

Transitions out are often not documented as well. What happens when a participant ends their relationship with your service? Is there a documented process? Is there a handover? Is there a risk assessment to make sure the transition is safe and effective?

The 2021 standards update also introduced temporary transitions, periods where a participant temporarily moves to another service or setting, and this addition is frequently missed entirely. Providers who have updated their documentation since 2021 sometimes still don’t mention it. You don’t need an elaborate process, but you do need to demonstrate that you’ve considered what a safe and effective temporary transition looks like, what information gets handed over, and who is responsible for managing the process.

A few others worth checking

Beyond the standards above, a handful of other areas come up consistently enough to be worth reviewing in your own systems:

Governance and key personnel obligations: smaller providers sometimes don’t realise the fit and proper person requirements apply to them, or don’t maintain the evidence to demonstrate it. Key personnel also need worker screening, even if they don’t have direct contact with participants.

Continuity of supports: having a plan for what happens if you can’t deliver supports is particularly important for sole traders and small providers where one person’s absence could affect multiple participants.

Conflict of interest: providers sometimes assume this standard is aimed at large organisations, but it applies to everyone. Dual relationships (e.g. a provider who is also a friend or family member of a participant, or a support coordinator having close personal relationships with providers of other supports) are exactly the scenario it’s designed to address, and small providers are more likely to find themselves in these situations, not less.

Feedback and complaints as a system: having a complaints policy is not the same as having a functioning complaints system. Auditors look for evidence that complaints are received, recorded, responded to, closed out, and learned from.

What to do with this information?

If you’ve read through this list and recognised your own service in some of it, that’s not a bad thing! It means you now know where to look and focus your energy.

The most useful thing you can do is review your systems against these areas. Not to prepare for an audit, but to ask honestly whether your processes are working the way they should be. Are your participants actually receiving information about their rights? Do you have individual emergency considerations documented for every participant? Does your team understand what your quality management system is and how it works?

Asking these questions is the best way to identify and address gaps in your systems, before they escalate into something bigger.

If you’ve been through an audit recently and the auditor identified some non-conformances, check out our guide on what this actually means and what to do next.

Penny Halpin

Penny is the founder of Paperbark Quality Collective and has a passion for quality, messy data, and working together to improve the human services sector in Australia. She’s a qualified lead auditor and previously held a senior management role at a highly-regarded Approved Quality Auditor.