Incident management

NDIS Incident Management Guide

NDIS incident management is the process of identifying, reporting, investigating, and responding to incidents affecting participants in accordance with NDIS Commission requirements. Effective incident management ensures participant safety, regulatory compliance, and continuous improvement through corrective actions and systemic learning. Incident management is a core component of your NDIS compliance system, requiring integration with NDIS evidence and reporting and NDIS audit readiness processes.

Commission obligations

What the NDIS Commission requires for incident management

NDIS providers must notify, investigate, and take corrective action for reportable incidents within Commission-mandated timeframes. Incident management obligations include immediate notification, structured investigation, participant communication, and evidence retention for audit verification.

Notification timeframes

  • Reportable incidents must be notified within 24 hours of discovery or reasonable expectation of discovery
  • Serious incidents require immediate notification to the NDIS Commission
  • Death or serious injury notifications must include preliminary details and known facts

Investigation obligations

  • Providers must investigate all reportable incidents and document findings
  • Investigations must identify root causes, contributing factors, and systemic issues
  • Final investigation reports must be submitted within required timeframes (typically 60 days)

Corrective action requirements

  • Immediate actions to protect participants must be documented and timestamped
  • Preventive measures must address root causes and reduce recurrence risk
  • Action owners, due dates, and completion evidence must be recorded

Participant communication

  • Participants and their representatives must be notified of incidents affecting them
  • Updates on investigation progress and outcomes must be provided
  • Communication records must include dates, methods, and participant responses

Reportable incidents

What counts as a reportable incident under NDIS Commission rules

These incident categories must be reported to the NDIS Commission within 24 hours of discovery or reasonable expectation of discovery.

Death or serious injury

  • Death of a participant during service provision or connected to service delivery
  • Serious injury requiring immediate medical treatment or hospitalisation
  • Medical emergency resulting from service delivery failure or worker action

Abuse or neglect

  • Physical, sexual, emotional, or financial abuse by workers or other participants
  • Neglect or failure to provide necessary care, supervision, or support
  • Unauthorised restrictive practices or use of force without approved behaviour support plans

Worker suitability verified through NDIS worker screening and training.

Unlawful conduct

  • Sexual or physical assault by workers or within service environments
  • Theft, fraud, or financial exploitation of participants
  • Unlawful restrictive practices or deprivation of rights

Unexplained absence

  • Participant missing from service or accommodation for extended periods
  • Whereabouts unknown with risk of harm or inability to meet support needs
  • Notification required within 24 hours if absence remains unexplained

Common failures

Common incident management failures and their audit impact

These patterns trigger non-conformances and demonstrate inadequate incident management systems during NDIS Commission audits.

Late or incomplete notifications

Impact: Breaches Commission timeframes; delays protective actions; reduces audit credibility

Fix: Log discovery timestamp, notification timestamp, and preliminary details within 24 hours; escalate serious incidents immediately

Superficial investigations

Impact: Root causes remain unidentified; recurrence risk continues; corrective actions are ineffective

Fix: Document interviews, evidence review, timeline reconstruction, and contributing factors; require sign-off from management

Untracked corrective actions

Impact: Actions remain incomplete; auditors cannot verify closure; accountability is lost

Fix: Assign owners, due dates, and completion checks; attach evidence of implementation and effectiveness review

Missing participant communication

Impact: Participants unaware of incidents affecting them; complaints escalate; demonstrates lack of transparency

Fix: Record notification date, method, content, and participant acknowledgment; update participants on investigation outcomes

Incident records fragmented across systems

Impact: Auditors cannot trace end-to-end incident handling; gaps in accountability and evidence

Fix: Centralise incident log with notifications, investigations, actions, approvals, and participant communications linked to single record

Required documentation

Required incident records and evidence for NDIS Commission audits

Maintain these records for every reportable incident to demonstrate compliance with NDIS Commission incident management obligations.

Initial notification

  • Discovery timestamp and person who identified the incident
  • Preliminary details: participants affected, incident type, location, and immediate actions taken
  • NDIS Commission notification timestamp and reference number

Investigation file

  • Investigation plan: scope, methodology, and responsible persons
  • Evidence collected: witness statements, photos, logs, and third-party reports
  • Root cause analysis and contributing factors identified
  • Final investigation report with findings, conclusions, and sign-off

Corrective actions

  • Immediate protective actions with timestamps and responsible persons
  • Preventive measures: what will change, who is responsible, and completion deadline
  • Completion evidence: policy updates, training records, system changes, or process adjustments
  • Effectiveness review: has the action reduced recurrence risk as intended

Participant communication

  • Initial notification to participant or representative with date and method
  • Progress updates during investigation with acknowledgment records
  • Final outcome notification with corrective actions and follow-up support offered

Incident management tools

How EMPWR Connect supports compliant incident management

Notification tracking, investigation workflows, and corrective action accountability without manual record-keeping.

Problem

Incident notifications miss 24-hour deadline

Solution: Automated notification workflow with timestamp capture, escalation alerts, and Commission submission tracking

Proof: Discovery and notification timestamps are locked at entry; serious incidents trigger immediate escalation; all notifications include reference numbers and preliminary details

Problem

Investigations lack structure and evidence

Solution: Investigation templates with required fields: evidence, interviews, timeline, root cause, and management sign-off

Proof: Every investigation includes documented evidence, contributing factors, and final report with approval trail; templates enforce completeness before closure

Problem

Corrective actions lose accountability

Solution: Action register with owners, due dates, completion checks, and effectiveness review prompts

Proof: Actions cannot be closed without completion evidence; overdue actions trigger alerts; effectiveness reviews are timestamped and linked to original incident

Problem

Participant communication is not recorded

Solution: Participant notification log within incident record; tracks dates, methods, content, and acknowledgments

Proof: Every incident shows participant notification timestamps, update history, and outcome communication; auditors can trace full communication trail

Problem

Incident data is fragmented and hard to audit

Solution: Single incident record linking notifications, investigations, actions, approvals, and participant communications

Proof: Auditors can trace a single incident from discovery → notification → investigation → corrective actions → participant updates without gaps; one-click export for audit packs