
How to respond to an NDIS Commission notice

Practical first-72-hours playbook for any NDIS provider who receives a notice, letter, or document request from the NDIS Quality and Safeguards Commission - what to do, what NOT to do, when to get a lawyer.

This is general information, not legal advice. Every Commission notice is different. The actions on this page are a starting point - not a substitute for engaging a lawyer who specialises in NDIS regulatory work. If you've received a notice, the most important thing on this page is the "engage a lawyer" section. Don't try to navigate this alone.

In plain English

An NDIS Commission notice is any formal written communication from the Commission requesting information, documents, attendance, or a response to identified concerns. Notices come in several shapes - a letter raising compliance questions, a formal notice to produce documents under section 55A, a notice of intention to ban under section 73ZN, or a notice of compliance action. The legal weight varies, but the disciplined first response is the same.

What you do in the first 72 hours can materially change the outcome of the entire process. The most common - and most expensive - provider mistakes are made in the first week: ignoring it, calling the Commission to argue, sending an informal "explanation" before getting legal advice, or destroying documents that turn out to be subject to a preservation obligation.

The first 72 hours - what to do, in order

Hour 0–2: read it, log it, secure it

  • Read the entire notice - every page, every annexure. Note the exact section of the Act the notice is issued under (it's usually on page 1).
  • Note the response deadline and the nominated contact officer at the Commission.
  • Log the date and time you received it. Save the email or scan the letter into a single named folder ("commission-notice-YYYY-MM-DD") - this becomes your master case file.
  • Don't reply. Not even an "acknowledgement" email. Anything you write is now part of the record.

Hour 2–24: engage a lawyer

This is the single most important action. Even if your initial reaction is "this is a misunderstanding, we can clear it up," engage a lawyer with NDIS regulatory experience before any further contact with the Commission. Specific considerations:

  • Look for lawyers who specifically list NDIS regulatory or health/aged-care regulatory work. General employment lawyers and general commercial lawyers usually aren't the right fit - the Commission framework has its own procedural rules and case law.
  • Many firms offer a fixed-fee initial consultation (A$500–A$1500 typically). Use it to scope the matter and confirm the response strategy before you commit to broader engagement.
  • If your professional indemnity insurance covers regulatory defence, notify your insurer the same day - coverage often requires prompt notification and can fund legal fees.
  • Legal professional privilege attaches to communications between you and your lawyer for the purpose of getting legal advice. It doesn't attach to communications with non-lawyer consultants or to internal investigation notes prepared without legal direction. This matters because anything not privileged can potentially be required under a subsequent notice.

Hour 24–48: preserve all relevant evidence

  • Issue an internal preservation hold. Email every relevant employee instructing them to not delete any documents, emails, messages, rosters, incident reports, participant files, or worker records relating to the matters in the notice. Suspend any auto-deletion policies (Slack retention, email archiving) for the affected scope.
  • Take a forensic copy of any electronic records that might be modified through normal use (rostering systems, incident logs, shared documents). Your lawyer can advise on whether to engage a digital-forensics specialist.
  • Destroying or altering documents subject to a Commission notice is itself a contravention - and a serious aggravating factor in any subsequent action. The window for "routine deletion" closes the moment you become aware of the notice.

Hour 48–72: scope the response with your lawyer

  • Identify the exact documents and information the notice requires. Distinguish between what's legally required and what is voluntary additional context.
  • Map the response deadline. Most notices give 14–28 days; some give 7. Identify any items you may need an extension for and ask your lawyer to request it formally and early.
  • Identify the internal personnel needed to gather responsive material - typically your operations manager, quality lead, HR, and (if relevant) the worker(s) involved. Brief them on the preservation hold and the confidentiality of the matter.
  • Agree the chain of approval. Nothing leaves your organisation without your lawyer reviewing it first.

Things NOT to do

  • Don't call the Commission to "explain". Verbal explanations can't be retracted and may be recorded as admissions.
  • Don't ignore it. Non-response is itself a contravention. Missing a notice deadline is the fastest way to escalate from compliance review to enforcement action.
  • Don't delete or alter documents. Even "cleaning up" an unrelated draft can look like document spoliation if the timing aligns with the notice.
  • Don't discipline or terminate the worker(s) involved before legal advice. A pre-emptive termination can prejudice the worker's own response rights, expose you to unfair-dismissal liability, and signal premature conclusions to the Commission.
  • Don't discuss the matter with affected participants or families before legal advice. Even well-intentioned conversations can compromise the investigation or be construed as interference with witnesses.
  • Don't publish anything about it. No press, no social media, no blog post. If the Commission announces compliance action publicly, your lawyer will advise on the response.

Types of notices you might receive

Compliance review letter (informal)

A letter raising specific concerns or asking for clarifying information. Lighter weight than a formal notice, but ignoring it can escalate to a formal notice. Treat it as the start of a process, not a fishing expedition.

Notice to produce documents (section 55A)

A formal demand for specified documents. Compliance is legally required within the stated timeframe. Penalties apply for non-compliance. Privilege claims must be made formally - you can't just withhold privileged material without saying so.

Notice of intention to issue a banning order (section 73ZN)

The most serious step short of an actual order. Sets out the conduct, the proposed scope and duration of the ban, and your right to respond. The response is your one chance to influence whether the order is made, and what it covers. Engage a senior lawyer immediately.

Notice of intention to take compliance action

Covers a range of intended actions: conditions on registration, variations, suspensions, civil penalty proceedings, infringement notices. Each has different procedural rules and response rights. Your lawyer will identify which framework applies.

Interim banning order

Issued without prior notice in cases of immediate participant risk. Effective from the date stated (usually same day or 24 hours). Comes with reasons and review rights. Treat it as a first-day crisis - the order is already in force; your job is to comply and to mount the most effective review application possible.

The response itself

A well-prepared response, drafted with your lawyer, typically includes:

  • A concise factual statement setting out what happened, in chronological order, without adjectival commentary or speculation.
  • Direct responses to each question or allegation in the notice, in the order the Commission raised them.
  • The supporting documents - every record that evidences your factual statements. Don't paraphrase what a document says when you can attach the document.
  • The remediation steps you've already taken or will take. Demonstrating that controls are improving is often as important as defending the past conduct.
  • Any context or mitigation that's relevant - staffing pressures, prior good record, prompt self-report - but without minimising or excusing conduct.

Tone matters. The Commission's decision-makers respond better to candid, cooperative, evidence-driven responses than to defensive or adversarial ones. That doesn't mean conceding - it means staying disciplined.

What it costs (typical ranges)

Lawyer fees

A$5k–A$50k+ depending on complexity. A straightforward response to a notice to produce sits at the lower end. Defending a proposed banning order with multiple allegations and witness statements sits at the higher end.

Internal time cost

40–200+ hours of internal management time across the response window. Operations manager, quality lead, HR, and the directors will all need to dedicate significant time. Plan for it.

Most providers underestimate both. The internal time cost in particular tends to come out of the same people who run day-to-day operations - and the operational quality has to stay high while the response is being prepared.

How Checkbase helps

The single best preparation for a Commission notice is being able to answer the question "show me the evidence" quickly and credibly. Checkbase keeps your worker compliance, participant files, incident logs, and audit trail in one place so a notice-response document pull takes hours, not weeks. The auditor portal - built for Tier 1 certification audits - works equally well as a structured way to share evidence with the Commission, your lawyer, or both.

To be clear: Checkbase is software, not a legal service. We can't draft your response or speak to the Commission for you. What we can do is make the underlying records easy to assemble - which materially reduces both the legal fees and the internal time cost of any response.

Frequently asked questions

Can I respond myself, without a lawyer?

Technically yes, but it's rarely a good idea. The procedural rules, the evidentiary standards, and the implications of every word in your response are non-obvious even for experienced operators. The cost of one lawyer is materially less than the cost of an order that could have been avoided.

Should I notify my insurer?

Almost always yes - and usually same day. Many professional indemnity, management liability, and regulatory-defence policies require notification within a stated window (often 7 days). Late notification can void coverage. Your insurer's panel firm may also be the right lawyer for the response.

What if the notice arrives during a holiday or leave?

The deadline keeps running regardless of who's available. Many notices are deliberately timed to arrive just before holidays. Your lawyer can request a deadline extension citing reasonable circumstances, but don't assume one will be granted - start the response process immediately.

Do I have to tell my staff?

You have to tell those whose cooperation you need to respond - typically your operations manager, quality lead, HR, and the worker(s) directly involved. Confidentiality is important; broader disclosure should be discussed with your lawyer. There's no general legal duty to notify your full team, but consider how the matter will be discovered if it becomes public, and prepare accordingly.

Will the matter become public?

Depends on the outcome. Compliance reviews that resolve without formal action are typically not made public. Banning orders, civil penalty proceedings, and registration suspensions are published on the public register and often featured in the Commission's quarterly enforcement bulletins. Plan a communications strategy with your lawyer for the worst-case publication path.

Can the Commission interview my staff directly?

Yes, under section 55A. Staff have the right to legal representation in any such interview and should generally decline to be interviewed without it. The Commission cannot compel false answers, but compelled true answers can be admitted in subsequent proceedings. This is one of many areas where early lawyer engagement matters.
