OH Consultant
Risk AssessmentsGuide
Technical13 min read30 April 2026

NDIS Risk Assessment for Disability Service Providers

NDIS Risk Assessment: The Dual Compliance Challenge

NDIS service providers operate under a dual compliance framework that is unique among Australian industries: they must simultaneously meet their obligations under Work Health and Safety law — which requires them to protect their workers — and their obligations under the NDIS Quality and Safeguards Commission's Practice Standards — which require them to protect the participants they support. These two frameworks overlap, interact, and sometimes create tensions that a generic workplace risk assessment cannot adequately address.

A risk assessment for an NDIS provider is not simply a workplace hazard identification exercise. It must assess risks to participants — including risks arising from the participant's specific disability, health conditions, behaviour support needs, medication interactions, and living environment — as well as risks to the workers providing support. It must be consistent with the participant's NDIS Plan and their individualised support plan. And it must be reviewed and updated as the participant's circumstances, support needs, and health status change over time.

The consequences of inadequate risk management in NDIS services are severe. Participants in disability support services are among the most vulnerable members of the Australian community. Incidents including falls, medication errors, restraint injuries, choking, aspiration, and abuse by workers or other participants have caused deaths and serious harm to NDIS participants. These incidents are subject to mandatory reporting to the NDIS Quality and Safeguards Commission and may result in registration bans, prosecution under the NDIS Act, or concurrent prosecution under WHS legislation.

At the same time, workers providing disability support services — particularly those delivering high-intensity supports such as complex bowel care, tracheostomy management, enteral feeding, and manual patient transfers — face significant occupational health risks. Back injury from manual patient handling, psychological injury from exposure to challenging behaviours, and infectious disease exposure are among the highest-incidence workers' compensation claim categories in the disability services sector.

A CIH-reviewed NDIS risk assessment bridges both frameworks: it assesses participant risks in a manner consistent with the NDIS Practice Standards and it assesses worker risks in a manner consistent with the WHS Act and WHS Regulation.

NDIS Practice Standards: Risk Assessment Requirements

The NDIS Quality and Safeguards Commission administers the NDIS Practice Standards, which set the minimum quality and safety requirements for registered NDIS providers. Risk assessment is a pervasive requirement throughout the Practice Standards, appearing in multiple modules.

**Core Module — Provision of Supports:** The Core Module requires registered providers to assess and manage risks to participants from the supports provided. This includes identifying risks arising from the participant's specific support needs, their environment, and the interaction between supports provided by multiple providers. Providers must document their risk assessments and make them accessible to relevant workers.

**Core Module — Support Provision Environment:** Providers must identify and manage risks to the health and safety of participants arising from the environment in which supports are provided — including the participant's home, community settings, shared living arrangements, and day programs. This includes risks from the physical environment (falls, fire, inadequate sanitation) and from the social environment (interactions with other participants, visitors, and household members).

**High Intensity Supports Module:** Providers delivering high-intensity daily activity supports — complex bowel care, subcutaneous injections, urinary catheter management, tracheostomy management, enteral feeding, ventilation management, and complex wound management — must have specific risk management procedures for each type of support. These procedures must be developed by a health practitioner, documented, and followed by workers who have been assessed as competent to deliver the support.

**Behaviour Support Module:** Providers implementing behaviour support plans — including plans that involve regulated restrictive practices — must conduct risk assessments that identify the risks associated with the participant's behaviours and the proposed strategies for managing those behaviours. The risk assessment must consider the impact of proposed strategies on the participant's rights, dignity, and wellbeing, as well as the physical safety of the participant and support workers.

**NDIS (Incident Management and Reportable Incidents) Rules:** The NDIS Incident Management Rules require providers to have a written incident management system. The risk assessment is the foundation of this system: it identifies the scenarios that constitute foreseeable incidents, determines the controls that should prevent those incidents, and establishes the reporting and response procedures when incidents occur despite the controls.

Non-compliance with the Practice Standards can result in compliance notices, sanctions, and deregistration. The NDIS Commission has the power to impose conditions on a provider's registration, suspend registration, or ban individuals from working as NDIS supports.

Worker Safety in Disability Support: WHS Obligations

In addition to their obligations under the NDIS Practice Standards, registered NDIS providers are PCBUs under the WHS Act and have the same worker safety obligations as any other employer. The specific hazards most prevalent in disability support work are as follows.

**Manual patient handling.** Personal care workers, support workers providing community access, and workers in residential settings perform frequent patient transfers — repositioning, bed-to-chair transfers, bathroom assistance — that impose significant spinal loads. The disability services sector has among the highest rates of manual handling-related workers' compensation claims in Australia. The WHS Regulation and the Hazardous Manual Tasks Code of Practice require PCBUs to assess and control manual handling risks. For NDIS providers, this means assessing the transfer needs of each participant, determining the appropriate mechanical aids required, and ensuring those aids are available in the participant's home or care setting.

**Challenging behaviours.** Workers providing supports to participants with autism spectrum disorder, acquired brain injury, intellectual disability, or mental health conditions may be exposed to physical aggression — hitting, biting, kicking, scratching — as well as verbal aggression and psychological distress. The WHS Regulation requires PCBUs to manage risks from hazardous situations arising from the work, including the risk of physical and psychological injury from challenging behaviours. A risk assessment must identify participants whose behaviour presents a risk to workers, document the known triggers and de-escalation strategies, and specify the supports and procedures workers should follow when challenging behaviours occur.

**Lone working.** Support workers providing in-home, community, and overnight support frequently work alone — without a colleague or supervisor present who could assist if an emergency occurred. Lone working increases the risk of delayed response to emergencies and the risk of harm from participant behaviours. The WHS Regulation requires PCBUs to manage the risks of working alone or in isolation. For NDIS providers, this means establishing check-in procedures, providing personal duress alarms or mobile devices with GPS capability, and ensuring workers know how to contact emergency services.

**Psychological and emotional demands.** Disability support work involves sustained emotional labour — supporting participants experiencing grief, pain, behavioural crises, and end-of-life situations. The WHS Regulation's 2025 amendments include specific provisions for managing psychosocial hazards, including the emotional demands of work. NDIS providers must assess and control the psychosocial risks associated with their workers' roles.

**Infectious disease exposure.** Workers providing personal care — particularly those delivering high-intensity supports involving wound care, catheter management, or bowel care — are exposed to blood-borne pathogen, enteric pathogen, and respiratory pathogen risks. The risk assessment must identify the infection control procedures required and ensure workers are trained in and compliant with those procedures.

Participant-Centred Risk Assessment: Key Components

A participant-centred risk assessment is a structured evaluation of the specific risks to a participant arising from their support needs, health status, living environment, and the support services being provided. It is distinct from a general workplace risk assessment in that the focus is the wellbeing of the participant, not only the safety of the worker — though both must be addressed.

**Participant profile.** The assessment must document the participant's age, primary disability, secondary health conditions, communication method, mobility status, medication regime, and any other factors relevant to their support needs and risk profile. This information is typically sourced from the participant's NDIS Plan, their GP or specialist, and consultation with the participant and their family or guardian.

**Support environment assessment.** The assessment must evaluate the physical environment in which supports will be provided — the participant's home, community settings, or residential facility. For in-home supports, this includes the layout of the home (accessibility, trip hazards, bathroom safety, kitchen safety), the availability and condition of any required assistive technology or equipment, and the presence of other household members or hazards (pets, unsecured medications, weapons).

**Activity-specific risk assessment.** For each type of support activity — personal care, community access, meal preparation, medication assistance, transport — the assessment must evaluate the specific risks associated with that activity for this participant. An activity that is routine for one participant may be high-risk for another with different mobility, cognitive, or health characteristics.

**Emergency planning.** The assessment must address emergency scenarios specific to the participant — what should a support worker do if the participant has a seizure, a fall, a choking incident, a behaviour emergency, or a medical deterioration? The emergency plan must be documented, communicated to all workers providing support to the participant, and tested.

**Review and update triggers.** Participant risk assessments must be reviewed when the participant's health or support needs change, after any incident involving the participant, at least annually, and whenever a new support worker is introduced to the participant. The review must be documented, with the nature of any changes recorded.

Restrictive Practices: Risk Assessment Requirements

The NDIS (Restrictive Practices and Behaviour Support) Rules impose specific risk assessment requirements for any supports that involve the use of regulated restrictive practices — chemical restraint (sedating medication used to control behaviour), mechanical restraint (using a device to restrict movement), physical restraint (using bodily force to restrict movement), seclusion (confining a person alone in a space they cannot exit), or environmental restraint (restricting access to items or areas).

A registered NDIS provider must not implement a regulated restrictive practice unless: - A behaviour support practitioner has assessed the participant and prepared a positive behaviour support plan that includes the restrictive practice as a strategy of last resort; - The provider has sought and obtained authorisation from the relevant state or territory oversight body (the NDIS Commission requires authorisation from the state/territory disability guardian or QCAT/VCAT/NCAT as applicable); - The participant or their guardian has consented to the use of the restrictive practice; - A risk assessment has been conducted that evaluates the physical and psychological risks to the participant from the restrictive practice and from the behaviours that the practice is designed to address; and - Workers implementing the practice have been trained by the behaviour support practitioner.

The risk assessment for a restrictive practice must document the behaviour of concern, the risks to the participant and to others if the behaviour is not managed, the risks of the proposed restrictive practice, the alternatives that have been trialled and found inadequate, and the plan for reducing and ultimately eliminating the restrictive practice.

Failure to comply with the restrictive practices rules is a serious non-compliance under the NDIS Act and is subject to significant penalties — up to $137,500 for an organisation and $27,500 for an individual. Providers must report every use of a regulated restrictive practice to the NDIS Commission on a monthly basis.

What Our NDIS Risk Assessment Package Covers

Our CIH-reviewed NDIS risk assessment package is designed to support NDIS providers in meeting their dual compliance obligations under the NDIS Practice Standards and the WHS Act. The package includes the following documents, all delivered as editable Microsoft Word files.

**Participant Risk Assessment:** A comprehensive participant-centred risk assessment that covers participant profile, support environment, activity-specific risk assessment, emergency planning, and review triggers. Structured to align with the NDIS Practice Standards Core Module requirements. Includes prompts for medication risks, behaviour risks, communication risks, and mobility risks.

**Worker Safety Risk Assessment:** A workplace risk assessment specific to disability support work, covering the worker safety hazards most prevalent in the sector: manual patient handling, challenging behaviours, lone working, psychosocial risks, and infectious disease exposure. Compliant with WHS Act 2011 and WHS Regulation 2025.

**High-Intensity Support Procedures:** Procedure documents for the seven categories of high-intensity supports specified in the NDIS Practice Standards, including participant-specific risk sections for each support type.

**Incident Risk Register:** A risk register for documenting foreseeable incident scenarios, their likelihood and consequence, and the controls in place to prevent their occurrence — the foundational document for the NDIS incident management system.

The package is priced at $49 AUD and is reviewed annually for compliance with current NDIS Practice Standards, the WHS Regulation, and any updated guidance from the NDIS Quality and Safeguards Commission.

Frequently Asked Questions

**Is a risk assessment required for every NDIS participant?** Yes. The NDIS Practice Standards require registered providers to assess and manage risks to each participant from the supports provided. A participant-centred risk assessment must be completed for every participant at the commencement of services, reviewed at least annually, and updated whenever the participant's circumstances change.

**Who should complete an NDIS risk assessment?** The participant risk assessment should be completed by a person with knowledge of the participant's support needs — typically the support coordinator, team leader, or a senior support worker — in consultation with the participant and their family or guardian, and with input from the participant's treating health practitioners where relevant. Worker safety risk assessments should be completed by a person with WHS competence — a qualified OHS officer, support coordinator, or registered nurse with WHS training.

**Does an NDIS risk assessment replace a behaviour support plan?** No. A behaviour support plan is a separate document prepared by a registered behaviour support practitioner and is required when a participant exhibits behaviours of concern. The risk assessment informs the behaviour support plan by identifying the risks associated with the behaviours and the work environment, but the two documents are distinct. The risk assessment is the provider's internal risk management document; the behaviour support plan is a therapeutic and regulatory document.

**How do I conduct a risk assessment for a participant I have not yet met?** Pre-service risk assessments can be conducted using information from the participant's NDIS Plan, their previous providers' records (with consent), the referring body, and the participant's family or guardian. The assessment should be clearly marked as a pre-service assessment and must be updated within the first one to two weeks of service commencement once the worker has direct knowledge of the participant and their environment.

**What is the difference between a participant risk assessment and a risk management plan?** A risk assessment identifies and evaluates risks; a risk management plan specifies how those risks will be controlled, who is responsible for each control, and how the effectiveness of controls will be monitored. In practice, many NDIS providers combine both in a single document. The NDIS Practice Standards require both elements — risk identification and risk management — to be documented and implemented.

Download Our NDIS Risk Assessment Package

Includes participant risk assessment, worker safety risk assessment, high-intensity support procedures, and incident risk register. Aligned with NDIS Practice Standards and WHS Regulation 2025. Editable Word format. $49 AUD.

Buy NDIS Risk Assessment — $49