NDIS Code of Conduct Policy Template: Free Download
A well-structured NDIS code of conduct policy template gives providers a clear, audit-ready foundation for demonstrating compliance. This guide explains what the policy must contain, provides a detailed sample structure, and shows you how to customise it for your organisation.
Every registered NDIS provider needs a formal Code of Conduct policy. The policy communicates your organisation’s standards to staff, supports a culture of participant safety, and provides documented evidence during NDIS audits. Without a policy, you leave your compliance position exposed.
An NDIS code of conduct policy template removes the guesswork from this process. Rather than building from scratch, you work with a proven structure aligned to the NDIS Code of Conduct and the requirements of the NDIS Practice Standards.
This guide walks you through every component of the template, how to tailor it, and how to keep it current. Use the sample structure provided here as the basis for your own compliance document template.
What Is an NDIS Code of Conduct Policy?
An NDIS Code of Conduct policy is a formal governance document that describes how your organisation and its workers will meet the obligations in the NDIS (Provider Registration and Practice Standards) Rules. It translates the seven legally binding obligations into practical expectations, procedures, and accountabilities for your team.
The policy is distinct from a code of conduct itself. A code of conduct typically addresses broader workplace behaviour. Your NDIS-specific policy focuses exclusively on how your organisation delivers on the seven NDIS obligations in relation to participants, their families, and the broader community.
It serves multiple purposes:
- Evidence for NDIS certification and re-verification audits
- A reference document for staff induction and ongoing training
- A framework for investigating and responding to alleged breaches
- A signal to participants and families that your organisation takes safety seriously
Why You Need a Code of Conduct Policy
NDIS registered providers must demonstrate compliance with governance and operational management standards. A code of conduct policy is a core compliance document required to meet those standards. Auditors will ask to see it. Your workers need to understand it. Participants and families deserve to know it exists.
Beyond audit requirements, a strong code of conduct policy drives everyday behaviour. When workers understand exactly what is expected of them — and what the consequences of non-compliance are — your organisation functions more safely and consistently.
Important: A policy that sits in a folder and is never read or applied offers little real protection. The policy must be embedded in induction, training, supervision, and performance management processes to have genuine impact.
Providers without a documented NDIS provider policy template for the Code of Conduct face real risks: poor audit outcomes, difficulty investigating complaints, and limited ability to demonstrate a culture of compliance. Reviewing the NDIS compliance checklist alongside your policy development ensures you cover all required areas.
What to Include in Your NDIS Code of Conduct Policy
A complete code of conduct policy covers six core areas. Each area should be clear, practical, and specific to your organisation’s operations.
1. Purpose and Scope
The purpose section explains why the policy exists and what it is designed to achieve. It references the NDIS Code of Conduct, identifies the governing legislation, and states that the policy applies to all workers — including employees, contractors, volunteers, and students on placement.
The scope should also address how the policy applies across different service delivery settings, such as in-home support, day programs, and supported independent living.
2. Definitions
Clear definitions prevent ambiguity. Your policy should define key terms including:
- Worker (as defined under the NDIS Act)
- Participant
- Breach (and the difference between a breach and a minor lapse)
- Reportable incident
- Restrictive practice
- Sexual misconduct
3. The Seven Code of Conduct Obligations
This is the core of your compliance document template. Dedicate a section to each of the seven obligations. For each obligation, state:
- The obligation in plain language
- What compliance looks like in your services
- Examples of behaviours that meet the obligation
- Examples of behaviours that would constitute a breach
- The relevant procedure or process workers must follow
4. Responsibilities and Accountabilities
Specify who is responsible for what. At minimum, define the responsibilities of:
- The CEO or responsible person
- Managers and supervisors
- All workers
- The designated compliance officer (if applicable)
5. Breach Reporting and Response Procedures
This section explains how workers should report a suspected breach, how the organisation investigates it, and what happens next. Include timelines for investigation, confidentiality expectations, and the escalation pathway to the NDIS Commission for matters that cannot be resolved internally.
Cross-reference your incident management procedures and reportable incident obligations here, since some Code breaches also constitute reportable incidents.
6. Training and Induction Requirements
Document how and when workers will be trained on the Code of Conduct. Include initial induction requirements, the frequency of refresher training, and how training completion is recorded. Link to worker orientation materials and any e-learning resources.
Sample Policy Structure: Detailed Outline
Use this outline as the basis for your NDIS provider policy template. Adapt the section headings and content to reflect your organisation’s structure, service types, and size.
Section 1: Policy Overview
- 1.1 Policy title and document number
- 1.2 Effective date and version number
- 1.3 Policy owner and approver
- 1.4 Review date
- 1.5 Related documents and legislation
- 1.6 Purpose statement
- 1.7 Scope of application
Section 2: Definitions
- 2.1 Worker
- 2.2 Participant
- 2.3 Code of Conduct breach
- 2.4 Reportable incident
- 2.5 Restrictive practice
- 2.6 Sexual misconduct
Section 3: Code of Conduct Obligations
- 3.1 Obligation 1 — Act with respect for individual rights
- 3.2 Obligation 2 — Respect participant privacy
- 3.3 Obligation 3 — Provide supports safely and competently
- 3.4 Obligation 4 — Act with integrity, honesty, and transparency
- 3.5 Obligation 5 — Promptly raise and act on safety concerns
- 3.6 Obligation 6 — Prevent and respond to violence, abuse, neglect, and exploitation
- 3.7 Obligation 7 — Prevent and respond to sexual misconduct
Section 4: Responsibilities
- 4.1 Responsible person / CEO obligations
- 4.2 Manager and supervisor obligations
- 4.3 Worker obligations
- 4.4 Compliance officer role
Section 5: Reporting a Breach
- 5.1 Internal reporting procedure
- 5.2 External reporting obligations (NDIS Commission, police)
- 5.3 Anonymous reporting options
- 5.4 Whistleblower protections
- 5.5 Investigation process and timeframes
- 5.6 Outcomes and consequences
Section 6: Training and Induction
- 6.1 Induction training requirements
- 6.2 Refresher training schedule
- 6.3 Training record requirements
- 6.4 Resources and support materials
Section 7: Policy Review and Maintenance
- 7.1 Review schedule
- 7.2 Review triggers (regulatory changes, incidents, audits)
- 7.3 Communication of policy updates to staff
- 7.4 Document control and version history
Section 8: Acknowledgement and Sign-Off
- 8.1 Worker acknowledgement form
- 8.2 Policy approval record
How to Customise for Your Organisation
A generic provider compliance document only becomes a genuine compliance tool after careful customisation. The following steps ensure your policy reflects your organisation’s real operations.
Step 1: Identify Your Service Types
The risks and behaviours relevant to your Code of Conduct obligations differ by service type. An in-home support provider faces different consent and privacy challenges than a group day program operator. Customise the obligation-specific sections to include examples relevant to your service delivery model.
Step 2: Align with Your Existing Procedures
Your Code of Conduct policy should reference — not duplicate — your existing incident management, complaint handling, and human resources procedures. Cross-reference the relevant policy or procedure numbers throughout the document so workers know where to go for more detail.
Step 3: Use Plain Language
Policies that are difficult to read are rarely read. Write in plain English. Use active voice, short sentences, and concrete examples. Avoid legal jargon where possible. A plain-language policy communicates respect for your workers and increases the chance that they will actually absorb its content.
Step 4: Consult Your Workers
Workers who contribute to the policy’s development are more likely to understand and follow it. Consult frontline staff during the drafting process. Ask them what situations they find ambiguous and what examples would be most useful. Their input strengthens the policy and builds ownership.
Step 5: Have the Policy Approved at Board or Executive Level
The policy must be formally approved by your responsible person or board. This approval signals organisational commitment and satisfies audit requirements for governance documentation. Record the approval date, approver name, and version number in the policy header.
Tip: Pair your Code of Conduct policy with a worker acknowledgement form. Each worker should sign to confirm they have read, understood, and agree to comply with the policy. Keep these records for audit purposes.
Review and Update Schedule
An outdated NDIS provider policy template is a compliance liability. Establish a clear review schedule and stick to it.
| Review Trigger | Action Required | Timeframe |
|---|---|---|
| Annual scheduled review | Full policy review and refresh | Within 30 days of review date |
| NDIS legislative change | Update affected sections, re-approve | Within 60 days of change |
| Adverse incident or substantiated breach | Review relevant obligation sections | Within 30 days of incident outcome |
| NDIS audit finding | Address non-conformances | Per corrective action plan |
| Significant operational change | Review scope and procedures | Prior to change taking effect |
After each review, communicate changes to all workers. Record a summary of what changed and why in the document version history. Re-obtain worker acknowledgements if the changes are substantial. Pair your policy review with an update to your service agreements if the changes affect how you describe obligations to participants.
People Also Ask
What is the difference between an NDIS Code of Conduct and a workplace code of conduct?
A workplace code of conduct covers general employee behaviour such as attendance, communication, and professional conduct. The NDIS Code of Conduct is a legally mandated set of seven obligations specifically relating to how providers and workers behave toward NDIS participants. Both can be addressed in separate policies, or the NDIS obligations can form a dedicated section of a broader workplace code.
Does the Code of Conduct policy need to be given to participants?
Yes. Participants should be informed of your organisation’s commitment to the Code of Conduct, typically through your service agreement and participant handbook. You are not required to share the full policy document, but participants have the right to access it on request.
How long should an NDIS Code of Conduct policy be?
Length should match complexity. For small providers with a single service type, a well-structured policy of 8–12 pages is usually sufficient. Larger providers delivering multiple service types may need a more comprehensive document. Quality matters more than length — a focused, clearly written policy is more effective than a lengthy document full of generic content.
Can I use a policy template from a disability peak body?
Yes. Many state and national disability peak bodies publish template policies for members. Always customise any template to reflect your specific services, workforce, and procedures before using it. A generic template submitted unchanged during an audit signals poor governance.
Who needs to sign the Code of Conduct acknowledgement form?
Every worker — including employees, contractors, volunteers, and students on placement — should sign an acknowledgement confirming they have read and understood the policy. This should occur at induction and again whenever the policy is substantially updated.
What happens if a worker breaches the policy?
A breach of the Code of Conduct policy is a serious matter that may also constitute a breach of the NDIS Code of Conduct itself. Internal consequences range from additional training and supervision to termination of employment. Serious breaches must be reported to the NDIS Commission and may result in enforcement action including banning orders.
How Inficurex Helps Providers Build Compliance Documents
Developing a complete NDIS code of conduct policy template is one component of a broader compliance documentation suite. Inficurex supports providers at every stage of this work.
With Inficurex resources, providers can:
- Access the NDIS compliance checklist to identify gaps across all governance areas
- Align policy content with the NDIS Practice Standards across all support categories
- Use the service agreement template to ensure participant-facing documents reflect Code commitments
- Manage documentation and compliance workflows using NDIS provider software
- Prepare for registration and re-registration using the provider registration checklist
A well-built policy is the foundation. Strong systems and processes are what bring that policy to life in daily practice. Explore the complete guide to the NDIS Code of Conduct to understand how all the pieces fit together.
The NDIS Commission’s compliance and enforcement framework makes clear that documentation is necessary but not sufficient — it is the organisational culture and day-to-day behaviours that determine whether participants are truly safe. Your Code of Conduct policy should inspire that culture, not just satisfy an auditor.