Missing a reportable incident deadline is not a minor administrative slip, it is an audit trigger. For registered NDIS providers, a single unreported incident or a late notification can result in infringement notices, compliance investigations, and in serious cases, suspension of registration.
This page covers exactly what the NDIS Commission requires from registered providers, which incident types carry mandatory reporting obligations, what the consequences of non-compliance look like, and how purpose-built NDIS incident reporting software keeps your organisation protected.
What Is NDIS Incident Reporting Software?
NDIS incident reporting software is a digital system that captures incidents at the point of occurrence, classifies them against NDIS Commission reportable incident categories, triggers internal review workflows, alerts key personnel to notification deadlines, and maintains a complete audit-ready incident register for compliance purposes.
What Incidents Must Be Reported to the NDIS Commission?
Registered NDIS providers are legally required to notify the NDIS Quality and Safeguards Commission when specific incidents occur. These reporting obligations apply regardless of whether the provider was directly responsible, the focus is on participant safety, transparency, and regulatory oversight.
The NDIS Commission identifies six specific categories of reportable incidents: death of a participant, serious injury, abuse or neglect, unlawful sexual or physical contact, sexual misconduct, and unauthorised use of restrictive practices. Each category carries a defined notification timeframe that begins the moment the provider becomes aware of the incident.
Here is a breakdown of each category and its required reporting window:
Death of a Participant The death of a participant is always reportable, regardless of circumstance. This includes deaths that appear unrelated to the disability or support provision, provided they occurred in connection with service delivery. Deaths must be reported as soon as practical within 24 hours.
Serious Injury Serious injury must be reported to the NDIS Commission within 24 hours of the provider becoming aware. This applies to injuries sustained during the delivery of NDIS-funded supports, whether at a service location or in the community.
Abuse or Neglect Abuse can be financial, physical, sexual violence, psychological or emotional harm, constraints, forced treatments or interventions, humiliation and harassment, violation of privacy, systemic abuse, or physical and emotional neglect. All must be reported within 24 hours.
Unlawful Sexual or Physical Contact and Sexual Misconduct Unlawful sexual or physical contact and sexual misconduct must be reported to the NDIS Commission within 24 hours of the provider becoming aware. This applies to both actual and alleged incidents.
Unauthorised Use of Restrictive Practices Unauthorised use of restrictive practices must be reported within five business days, or within 24 hours if the practice caused injury to the participant. This is a distinct category with a separate timeframe that providers frequently misapply.
The Clock Starts Earlier Than Most Providers Realise The 24-hour window starts when a worker notifies key personnel, a supervisor or manager, or the person specified in the incident management system as responsible for Commission notifications not when the incident actually occurred. This is a critical distinction that manual processes routinely miss.
If the full information required is not available within 24 hours, the provider must still notify within that window with whatever information is available. The remaining details can be provided within five business days.
What Happens If You Miss an Incident Report?
If you do not report an incident within the required timeframes, this may result in an infringement notice or other compliance actions from the NDIS Commission. These are not informal warnings, they are formal regulatory instruments recorded against your organisation.
Miss a deadline, fail to report something that meets the threshold, or keep poor documentation, and you are facing infringement notices, registration suspension, or enforcement action. Providers with a pattern of unreported incidents attract heightened audit scrutiny and risk re-registration conditions.
The compounding risk is documentation. A provider that cannot produce a complete incident register during an audit, including timelines, outcomes, and Commission notifications demonstrates a systemic failure in their incident management system. This is an audit finding in itself, separate from the original incident.
What Good NDIS Incident Reporting Software Does
The right NDIS incident management software does more than capture incident details. It actively reduces compliance risk by guiding workers through the classification process, alerting managers to notification obligations, and maintaining evidence that every step was taken correctly.
Effective NDIS incident management software includes these capabilities:
Guided incident capture with classification prompts. Workers complete structured forms that prompt for all required information at the time of reporting. Classification logic flags whether an incident meets the threshold for NDIS Commission notification, reducing the risk of under-reporting.
Automated notification alerts tied to Commission timeframes. Once a reportable incident is classified, the system generates immediate alerts for key personnel. Notification deadlines are tracked automatically, so no manager has to remember whether the 24-hour window applies or whether a follow-up is due within five business days.
Internal review and investigation tracking. Every incident moves through a documented workflow, from initial report through investigation, corrective actions, and closure. Each step is timestamped and attributed to a named staff member.
Audit-ready incident registers. All incidents, reportable and non-reportable are stored in a searchable, filterable register. Providers can produce a complete incident history for any participant or date range during an audit, a self-assessment, or a registration renewal.
Mobile accessibility for workers in the field. Incidents happen on shift, not at a desk. Software with mobile capability means workers can lodge an incident report immediately, preserving detail accuracy and ensuring key personnel are notified without delay.
How Vertex360 Handles NDIS Incident Reporting
Vertex360’s incident management module is built specifically for registered NDIS providers. It handles the full incident lifecycle; from initial capture through Commission notification and closure, in a single, connected system.
The incident form prompts workers to record incident type, location, involved parties, witness information, and immediate actions taken. The structured format ensures every report contains the information required for both internal review and Commission notification.
Reportable classification logic identifies whether an incident meets the NDIS Commission’s threshold for notification. Once classified as reportable, the system immediately alerts the designated key personnel and displays the applicable notification deadline, 24 hours or five business days, so your team is never left guessing.
The notification workflow guides responsible staff through the Commission reporting process with deadline tracking built in. If a full report cannot be completed within 24 hours, the workflow supports partial submission with a follow-up reminder for the five-business-day detailed report.
The audit trail stores every action taken on each incident, who reported it, when it was escalated, when the Commission was notified, what investigation was conducted, and what corrective actions were implemented. This creates the documentary evidence the NDIS Commission expects to see during a compliance review.
The Vertex360 Workers Mobile App means support workers can log an incident from any location the moment it occurs. This eliminates the reporting delays that happen when workers wait until they return to an office, protecting both participants and the provider organisation.
Vertex360 also integrates incident management with risk management, participant management, and NDIS compliance features so patterns across incidents, participants, and risk assessments are visible in one place.
Ready to Protect Your Registration?
Manual incident tracking, spreadsheets, paper forms, and email chains creates compliance gaps that put your registration at risk. Vertex360 gives registered NDIS providers a structured, automated incident management system that handles classification, deadline tracking, investigation workflows, and audit-ready record-keeping in one platform.
Book a Demo of the Vertex360 Incident Reporting Module to see exactly how it handles reportable incidents from capture to Commission notification.
Or start your free 7-day trial and experience the full system today.
Related reading: NDIS Compliance | Risk Management | Participant Management
Frequently Asked Questions
What is a reportable incident under the NDIS?
A reportable incident is a specific event that registered NDIS providers are legally required to notify to the NDIS Quality and Safeguards Commission. Reportable incidents include actual or alleged events that cause, or have the potential to cause, serious harm to a participant, or that involve unauthorised practices. The six categories are: death, serious injury, abuse or neglect, unlawful sexual or physical contact, sexual misconduct, and unauthorised use of restrictive practices.
How many days do I have to report an incident to the NDIS Commission?
Death, serious injury, abuse, neglect, unlawful sexual or physical contact, and sexual misconduct must all be reported to the NDIS Commission within 24 hours of the provider becoming aware. Unauthorised use of restrictive practices must be reported within five business days, unless the practice caused serious injury or trauma, in which case the 24-hour timeframe applies.
Does incident reporting software connect to the NDIS Commission portal?
NDIS incident reporting software like Vertex360 supports and streamlines the Commission notification process by tracking deadlines, generating alerts, and storing all incident documentation. Providers still submit notifications through the NDIS Commission’s online portal, but the software ensures no deadline is missed and every submission is supported by complete documentation.
What is the difference between an incident and a near miss?
An incident is an event that actually caused harm or involved a reportable act, it requires documentation and, where applicable, Commission notification. A near miss is an event that did not result in harm but had the potential to do so. Near misses are not reportable to the Commission but must be recorded internally. Tracking near misses is a quality practice that demonstrates proactive risk management and supports continuous improvement in participant safety.
