Incident management is one of the important modules of the NDIS Standards. The NDIS Quality and Safeguards Commission encourages all providers to have a proper incident management system (IMS) in place. However, for registered providers, having an IMS is a mandatory requirement, as it is a condition for registration.
An IMS should be able to record and manage incidents that happen during the delivery of a support or service to a participant. Effective management of incidents allows providers to respond appropriately to any unexpected situation and ensures the health and safety of everyone involved. Therefore, incident management is not just an administrative function but rather a well-defined approach to protect participants and to prevent future harm.
An incident is defined as the occurrence of something, an absence/omission or a situation that causes harm or could have caused harm to people when a service is being provided to a participant. This includes incidents that:
Incidents can threaten the health, safety or well-being of the parties below:
There can be different types of incidents and incidents with different intensities. Some incidents are recognised as reportable incidents and are serious events or alleged events that relate to significant harm or unauthorised restrictive practices. Registered providers must inform the Commission about such incidents within the required timeframes.
However, not every incident is obvious.
Sometimes incidents are identified because:
A strong incident management culture encourages workers and participants to speak up. If people feel unsafe reporting issues, your system will fail before it even begins.
Incident management is the structured and well-defined procedure for handling an incident, from immediate response to appropriate solutions and documentation.
Having documented procedures and processes for managing an incident is useless and not enough. These guidelines and policies should be adapted and reflected well in practice. It allows you to be compliant and meet the standards, as well as improve your day-to-day operations by preparing for any issues or complications.
Therefore, the NDIS Quality and Safeguards Commission expects more than a written policy. It expects a working system that does the following:
An IMS must cover all incidents that take place in connection with providing NDIS supports or services. This means acknowledging, addressing and recording every incident internally.
The purpose is simple: when you know about incidents, you can reduce risk and improve your services.
The NDIS Quality and Safeguards Commission provides six key steps to better manage incidents.
Incidents may be identified by workers, participants, or other parties. Sometimes there are indirect signs, such as physical evidence or behavioural changes.
Your organisation should promote a culture where workers and participants feel comfortable reporting concerns. When incidents are hidden or ignored, risk increases.
Safety comes first.
If someone requires urgent medical attention or if a criminal offence is suspected, you must call 000 immediately. This action must not be delayed.
It is good practice to have a response plan that guides workers on:
Incident management is not only about investigation. It is about making the person with disability feel safe, respected and involved throughout the process.
All incidents must be documented.
Your system must clearly describe:
Records should include relevant details and evidence and should be created promptly, for example, within 24 hours where possible.
If it is not written down properly, it is very difficult to prove what happened and how it was managed.
Your system must include an internal reporting procedure.
This might involve:
An appropriate staff member must then assess:
If it is a reportable incident, it must be reported to the Commission within the required timeframe.
If it is not reportable, you still manage it through your internal system.
If the initial assessment does not provide sufficient clarity, an investigation may be required. The Commission may also require an investigation.
The purpose of an investigation is to:
The nature of the investigation must be proportionate to the harm caused and the risk of future harm.
Incident management does not end when the report is closed.
The records, assessments and investigation findings should be used to:
This learning function is what turns incident management from reactive compliance into proactive quality improvement.
NDIS providers are required to adhere to the code of conduct as well as the NDIS Standards. However, even when you follow these frameworks, incidents may still occur. Therefore, the purpose of an IMS is not to expect perfection. Rather, having an IMS ensures that when something does go wrong, the response is safe, structured and accountable.
Your IMS should clearly break down and provide the outline of the overall approach and key steps or actions to be taken when an incident occurs. The main focus of the system is assuring the safety and well-being of people with disabilities. Hence, it should state the responsibilities, clarify the principles, and define appropriate responses.
The guidance provided by the NDIS Quality and Safeguards Commission suggests that the system fulfils these three requirements. It should be:
The same minimum requirements apply to all registered providers. However, the structure of the system can be different according to the size, scope and complexity of the organisation and service provided. While a small-scale provider may use a simple digital tool with other procedures, a large-scale provider will require a more complex automated software solution and process.
Your documented procedures must cover:
These are not optional inclusions. They are the minimum requirements under the Rules.
An incident management system is not a static document. It is a working framework that guides how your organisation responds under pressure.
You must be prepared to:
In 2026, compliance is not measured by whether a policy exists. It is measured by whether your system protects people, documents actions clearly, and drives improvement over time.
The real question is not whether incidents occur. In human services, they sometimes will.
The real question is whether your organisation responds in a way that is structured, transparent, respectful and focused on preventing harm in the future.
Follow the link to access the detailed guidance on Incident Management Systems