If you run a SIL house in Australia, you've probably heard that the rules around registration are changing. Most operators we speak to know the deadline is real. What they're less sure about is what an audit actually looks like when the auditor sits down at their kitchen table and asks to see the worker register.

This post is a practical walkthrough. No reassurance, no fluff. Six pillars, a ten-week plan, three mistakes. Written for the person who's going to sit across from the auditor, not the one who wrote the policy.

Why you're reading this

You operate one or more SIL houses. You currently sit unregistered, or you're registered through a larger provider and you're now going direct. Either way, you need your own registration confirmed with the NDIS Commission before 1 July 2026, and your audit will happen before that.

If your business is already registered and you've been through a certification cycle, skim this for the 10-week countdown. If you haven't — start at the top.

What "registration" actually means

Registration is the process by which the NDIS Quality and Safeguards Commission confirms that your organisation meets the NDIS Practice Standards for the supports you deliver. For Supported Independent Living, that's assessed through a certification audit — conducted by an approved quality auditor, not the Commission itself.

The auditor produces a report. The Commission reads it. If you pass, your registration is granted (or renewed) for three years. If you don't, you get a corrective-action period and a follow-up. If you fail that — you can't deliver registered supports, which means NDIA-plan-managed participants can't use you.

"We don't fail people on paperwork. We fail people whose paperwork shows the practice underneath isn't there yet."
— Approved quality auditor, speaking off-record

The six pillars an auditor will ask about

The NDIS Practice Standards for SIL break into several modules, but every auditor we've spoken to works through the same six pillars on the day. Here they are in the order they tend to be examined — with what's actually being checked and what you need ready.

Pillar 01 · Worker screening

The worker register and every worker's current clearances

Every person who works with your participants needs a current NDIS Worker Screening clearance. Not a Working With Children check pretending. Not a Police Check from 2022. The specific NDIS check, issued in the state you operate, with an expiry that hasn't passed.

What the auditor checks

  • The worker register: names, roles, clearance numbers, expiry dates
  • Sample of personnel files: the actual clearance certificate in each one
  • Evidence you re-check expiries before they lapse — not after

Where providers get stung

Three workers off the current roster because nobody renewed. One casual still on the register whose clearance expired in February. Paper register that says everyone's compliant, digital evidence that three people aren't.

Pillar 02 · Training currency

First aid, manual handling, medication, and role-specific training — none expired

A compliance score of 100% in this pillar means every active worker has current certification in every item their role requires. For a SIL support worker that's usually first aid, CPR, manual handling, medication administration, and any participant-specific training (PEG feeding, epilepsy, diabetes, restrictive-practice authorisation for behaviour support).

What the auditor checks

  • Training matrix: who needs what, who has what
  • The certificate — scanned, in the personnel file, with a clear expiry
  • Your re-training schedule for certificates expiring in the next 90 days

Where providers get stung

Blanket "all workers are trained" claims with no matrix underneath. Expiry dates tracked in someone's head. No plan for what happens when the first-aid cohort expires in the same month.

Pillar 03 · Supervision cadence

Documented supervision sessions, happening at the right frequency for the role

Support workers need regular supervision. How often depends on role, risk, and your own policy — but "never" is not an answer. Supervision is how you catch practice drift, surface incidents before they become serious, and evidence that your clinical governance is alive.

What the auditor checks

  • Supervision records: who, when, what was discussed, what actions came out of it
  • Cadence matching your policy — monthly for clinical, quarterly for administrative is typical
  • Reflective practice captured in writing, not just ticked off

Where providers get stung

Supervision happens verbally at handover and nobody writes it down. Policy says monthly, actual records show two sessions in a year per worker. No standing agenda so each supervision is ad-hoc and unevidenced.

Pillar 04 · Policy review cycle

Every NDIS-required policy read, reviewed, and signed off within the last 12 months

The Commission requires a suite of policies covering incident management, restrictive practices, worker screening, participant rights, complaints, privacy, and more. It's not enough to have them. They need to be reviewed annually — and your workers need to have read them.

What the auditor checks

  • A register showing each policy's last review date and next due date
  • Evidence of who approved the current version
  • Staff training records showing workers have been inducted into the policy suite

Where providers get stung

Policies downloaded from a template site two years ago, never re-read. No review register. The incident-management policy references a phone number that was disconnected a year ago. Workers can't name three policies if asked.

Pillar 05 · Incident management

Everything logged, serious incidents notified to the Commission within 24 hours

The auditor will look at your incident register for the last 12 months. They will correlate entries with your participant files, your worker supervision notes, and your Commission-reportable notification trail. Inconsistencies are where this pillar fails.

What the auditor checks

  • Every incident recorded with date, participant, type, immediate action taken, follow-up
  • Commission-reportable events notified within the required window (24 hours for serious events, 5 days for certain others)
  • Root-cause analysis for any significant pattern — not just the individual event
  • Evidence the learnings have flowed back into practice (training, policy change, supervision topic)

Where providers get stung

An incident is logged in the worker's shift note but never makes it to the organisational incident register. A serious behaviour incident goes un-reported because the worker wasn't sure if it met the threshold. Three similar incidents across two months with no pattern analysis.

Pillar 06 · Restrictive practices

Every use reported, every practice aligned with an authorised behaviour support plan

If you use any restrictive practice — chemical, physical, environmental, seclusion, or mechanical — it must be authorised under the participant's behaviour support plan, reported to the Commission within the required window, and reviewed against the plan regularly. The unauthorised use of a restrictive practice is the fastest way to fail an audit and attract regulatory action separate from the registration process.

What the auditor checks

  • The restrictive practices register: what, when, why, for how long, by whom
  • Linkage to the participant's current behaviour support plan
  • Notification to the Commission within 5 business days for each use
  • Evidence of review — is the practice reducing over time or becoming business-as-usual?

Where providers get stung

Chemical restraint in use for three participants but only two are on authorised plans. A locked fridge being described as "environmental management" with no registered authorisation. Monthly reports to the Commission haven't been sent because nobody knew they were due.

A 10-week countdown plan

If you're reading this in mid-April and the deadline is 1 July, that's ten weeks. Ten weeks is enough — just — if you start today. Here's how we'd structure it.

Week 1
Build the worker register. Every active worker, clearance number, expiry, training matrix. If any clearance is expired, that worker is off the roster until renewed.
Week 2
Build the training matrix. First aid, CPR, manual handling, medication, role-specific. Book any re-training for the current cohort that expires in the next 90 days.
Week 3
Pull every policy you rely on into one place. Review date, approver, last review. Anything older than 12 months needs a re-read and a sign-off.
Week 4
Audit the incident register. Back-fill anything that should be there. Reconcile against shift notes. Identify any missed Commission notifications and file them now, late-with-explanation.
Week 5
Restrictive practices register. Cross-check against every participant's current behaviour support plan. Fix unauthorised use today — either get the authorisation or cease the practice.
Week 6
Supervision records. If you haven't been documenting, start now, and fill backwards with any notes you have. Schedule formal supervision for every worker between now and audit day.
Week 7
Engage your approved quality auditor (if you haven't already — most are booking out). Share your pre-audit self-assessment. Agree the audit date.
Week 8
Mock-audit your own house. Walk through every pillar. The gap between what you think is in place and what you can evidence is always larger than you expect. Close the gaps.
Week 9
Brief your staff. They will be interviewed. Make sure each worker can name three policies, describe an incident they've been involved in, and speak to supervision they've received.
Week 10
Audit day. Everything in order, everything accessible, everything digital. Let the auditor ask. Answer in numbers.

The three mistakes we keep seeing

1. Treating policies as documents rather than practice

Most providers have every policy. Fewer can evidence that the policy describes what actually happens in the house. The auditor will test this by talking to workers — not by reading your manual. A worker who can't describe your incident-reporting process in their own words is a failure point no matter how polished the PDF is.

2. Waiting for audit day to find the gaps

The single most common pattern: operators who believe they're compliant until the auditor arrives and starts asking for evidence they can't produce. A self-audit — honest, documented, five weeks out — surfaces these gaps when you still have time to close them. An auditor surfacing them on the day is a corrective-action letter.

3. Paper-first evidence

Paper registers get lost, re-written, and quietly updated. Digital registers with timestamps, version history, and access control — whether that's a dedicated system or a well-kept spreadsheet on a shared drive — stand up to scrutiny in a way loose paper doesn't. The auditor doesn't need beautiful software. They need evidence that can't be edited after the fact.

Your six-pillar score, in two minutes

Aura OS by Clearline Health maps to the exact six pillars above. Start free: add your workers, policies, incidents, and participant plans. Watch the audit-readiness number move. Pro downloads a one-click Commission-ready PDF for audit day.

Start free on Aura OS See pricing

This post is written from our experience building compliance software for SIL providers and from conversations with auditors and operators. It is not a substitute for the NDIS Practice Standards or formal advice from your approved quality auditor. Check specific notification thresholds, report timelines, and training requirements against your state's current rules and the Commission's published guidance before audit day.