Incident management is one of the first things a SIL auditor opens, and one of the easiest to fail — not because providers don't respond to incidents, but because the record of what they did doesn't line up. This is a plain walk through the six reportable categories, the notification windows, and what 'good evidence' actually looks like.

Who this is for

You run SIL houses and you're registered — or you will be from 1 July 2026, which puts you fully inside this regime. Reportable incidents sit at the centre of the new Safeguarding outcome, so getting this tight does double duty.

What counts as a reportable incident

A reportable incident is one that happens in connection with the delivery of NDIS supports. There are six categories:

  • Death of a participant
  • Serious injury of a participant
  • Abuse or neglect of a participant (it doesn't have to be intentional to be reportable)
  • Unlawful sexual or physical contact with, or assault of, a participant
  • Sexual misconduct committed against, or in the presence of, a participant — including grooming
  • Unauthorised use of a restrictive practice — any restrictive practice used without authorisation, or outside an authorised behaviour support plan

The clock: 24 hours, then 5 business days

This is where providers slip. The windows are tight and they start the moment you become aware, not the moment it's convenient.

  • Any of the first five categories — notify the Commission within 24 hours of becoming aware.
  • Unauthorised use of a restrictive practice — within 5 business days, unless it caused serious injury or death, in which case it's 24 hours.
  • After the initial notification — a fuller follow-up report within 5 business days, with what you've done and what you found.

If you don't have the full picture inside 24 hours, notify anyway with what you've got — then fill in the rest within five business days. The clock starts when a worker tells key personnel, a supervisor, or whoever your incident system names as responsible for Commission notifications. That hand-off is the moment the 24 hours begins — so it has to be fast and recorded.

Where it goes wrong at audit

The incident lives in a shift note and never reaches the register. A worker writes it up at handover, but it never makes the organisational incident register — so on paper, it never happened.

The threshold call gets made by the wrong person. A worker isn't sure it 'counts', so it sits over a weekend. Workers don't decide reportability — your process does, and it should escalate fast by default.

The trail doesn't reconcile. The register says one thing, the notification says another, the participant file says a third. Auditors cross-check all three. Gaps between them are where this fails.

What good evidence looks like

An auditor follows a single incident end to end. Strong evidence is a trail that holds together:

  • The incident recorded with date, participant, category, immediate action and who was notified
  • The Commission notification lodged inside the window, with the timestamp to prove it
  • The 5-business-day follow-up with the response and any investigation
  • The learnings flowing back — a supervision topic, a policy change, retraining — so the same thing is less likely twice

That last one matters more than people expect. The Commission isn't only asking 'did you report it' — it's asking 'did anything change because of it'.

Common questions

What are the reportable incidents under the NDIS?
Death; serious injury; abuse or neglect; unlawful sexual or physical contact; sexual misconduct; and the unauthorised use of a restrictive practice.

How long do I have to report an NDIS incident?
Within 24 hours of becoming aware for the first five categories; within 5 business days for an unauthorised restrictive practice (24 hours if it caused serious injury or death). A fuller follow-up report is due within 5 business days of the initial notification.

When does the 24-hour clock start?
When a worker notifies key personnel, a supervisor, or whoever your system names as responsible for Commission notifications.

Where Clearline fits — honestly

Aura OS by Clearline Health logs every incident against the participant, prompts the 24-hour and 5-business-day windows so the clock doesn't run out on you, and keeps the register, the notification record and the follow-up in one place — the trail an auditor actually wants. When they ask, the 60-second audit test packages it: pick a participant, a date and a Practice Standard, and a branded PDF is in their inbox in two clicks.

Flat $49 a month, same price for two houses or twenty. The free tier is unlimited — workers, participants and houses — with every audit-ready feature included. Audit-ready on free. AI for admin, humans for care. Australian-owned and Sydney-hosted; the few US sub-processors we use — error reporting, payments, AI — are each named in our privacy policy.

Honest about the limit: software can't make the threshold call for you. What it can do is start the clock, hold the trail, and make sure nothing falls down the gap between a shift note and the register.

Pass your audit without losing your weekend.

Start free — every audit-ready feature included, no credit card.

Start free on Aura OS See pricing

This is general information drawn from the NDIS (Incident Management and Reportable Incidents) Rules and the Commission's published guidance, not legal advice. Notification categories, timeframes and final-report requirements can change and can turn on the specifics — check the current rules on the NDIS Commission's website and your incident-management policy before you act.