NDIS Document Control Best Practices
Module 2 expects version control on every policy. Most providers have policies floating in email and personal drives - that's an audit fail waiting to happen. Document control is one of the simplest audit fixes - just requires discipline. Here's the system we use at the NDIS company we operated.
Why Document Control Is Audit-Critical
Module 2 audits regularly fail providers for: multiple policy versions floating in different drives, policies undated or unsigned, no master register listing what's current, staff using outdated procedures because they downloaded versions to personal devices. Fix is structural, not technical. From our audits at the NDIS company we operated - the auditor literally asked to see our document control register before any specific policy. Couldn't show one? Audit-fail observation logged.
Pick a Single Source of Truth
Choose one location and enforce it. Options that work: SharePoint or Google Drive (free with existing subscriptions), dedicated document management software (PolicyTech, ProcessKitchen), or even a structured folder in Dropbox Business with locked access. We use Google Drive at the NDIS company we operated - simple, accessible, version-tracked. Critical: nobody works from personal devices or downloaded copies. Live link only. The single source of truth eliminates the version-confusion problem at root.
Apply Version Numbers and Dates to Every Document
Every policy and procedure must have: version number (v1.0, v1.1, v2.0), date of creation, date of last review, date of next scheduled review, approving authority (director, board, etc), signature or e-sign of approver. Format the header consistently across all documents. Auditors will randomly pull documents and check this. Inconsistent formatting suggests undisciplined system. Consistent formatting suggests robust system. Templates make this easy - build your header template once and every document inherits it.
The Master Document Register
Maintain a single master register listing every controlled document. Columns: document name, current version, location (link), creation date, last review date, next review date, owner. We use a Google Sheet at the NDIS company we operated - simple but auditable. Auditor asks "show me your current incident management policy" - you click the link from the register and show the live document. Auditor asks "how do you ensure policies stay current" - you point to the next-review-date column and show the rhythm. Both questions answered in 30 seconds.
Action Items to Set Up Document Control This Quarter
This quarter: 1) Pick your single source of truth (don't change it later). 2) Migrate every policy to that location with version numbers. 3) Build the master document register. 4) Schedule recurring 6-monthly reviews of every policy. 5) Train your team to only work from the live location. 6) Audit document control quarterly yourself. Provider Scale's $999 registration package includes a complete policy pack with version control structure. Document control is genuinely the easiest Module 2 win - takes a week to fix and prevents repeated audit findings.