Almost every childcare service in Australia has a folder of policies somewhere on their premises. Under Regulation 171 those policies must be available for inspection at all times when children are being educated and cared for. But what the regulation does not specify — and what many services discover too late — is that a policy must actually contain what the regulation requires it to contain. A page with a heading and three dot points is not the same as a compliant policy under the National Quality Framework.

This guide walks through the four things every compliant policy needs, the most common failure patterns, and a self-assessment checklist you can use today.

What Regulation 168 Actually Requires

Regulation 168(2) lists every policy and procedure that an approved provider must have, and specifies the subject matter that must be covered in each one. It is not enough to have a policy with the right name if it does not address the required content. For example, the Child Safety Policy must include the procedures for managing the risk of harm to children and the procedures for dealing with incidents where harm occurs — not just a statement of commitment.

An assessor reading your Child Safety Policy is looking for those specific procedural elements. If they are missing, the policy is non-compliant even if the document is twenty pages long.

The Four Things Every Compliant Policy Must Have

1. A clear legislative reference

Every policy should cite the specific regulation, section of the National Law or NQS standard that requires it. Assessors use this to confirm the service understands its obligations, not just its paperwork. A policy that says "we are committed to child safety" without referencing Regulation 168(2)(h), section 167 of the National Law, and the National Principles for Child Safe Organisations is a policy that will invite follow-up questions.

2. A policy statement separate from procedures

The policy statement is what the service is committed to and why. The procedures are how that commitment is enacted in practice. Many downloaded templates conflate these into a single generic paragraph. A compliant policy has both — a statement of intent and a step-by-step procedure that can actually be followed.

3. A review date and version number

Under Regulation 172, policies must be reviewed at least annually or as required. A policy with no review date, or a review date two years in the past, signals to an assessor that the service is not managing its compliance obligations actively. Version numbers also matter — if you update a policy following a legislative change and cannot demonstrate when and why it was updated, you cannot evidence continuous improvement under NQS Standard 7.1.

4. Alignment with current legislation

The National Regulations are amended periodically and policies must reflect current law. A Child Safety Policy that does not mention the 24-hour notification obligation introduced in September 2025 is out of date. A Staff Induction Procedure that does not mention the National Early Childhood Worker Register is out of date. Assessors know the current law and will notice when a policy does not reflect it.

Quick test: Open any policy in your folder. If you cannot answer "what regulation requires this", "when was it last reviewed", and "what is the SOP that operationalises it" within thirty seconds, the policy needs work.

The Most Common Policy Failures

  1. The policy name is right but the content is wrong. A "Medication Policy" that does not address the Medication Authority Form requirement under Regulation 92 fails despite having the correct title.
  2. Policies that are not accessible. Locked in the director's office or on a password-protected computer that no on-shift educator can open.
  3. Generic templates with placeholder text still in them. [Service Name] never replaced, [insert regulation] still visible, "Updated on [date]" left as a literal placeholder.
  4. Policies that describe what staff should do but not the consequences of non-compliance or how breaches are managed.
  5. A Code of Conduct that does not explicitly name the prohibited practices under Regulation 155 — assessors expect to see these listed in plain language.
  6. Complaints policies that do not specify the regulatory notification obligation under Regulation 176 or the timeframe for responding to complaints from families.

Policy vs Procedure — Why the Distinction Matters

Take the Emergency and Evacuation Policy as an example. The policy should state what the service is committed to (safe and timely evacuation of all children and staff in an emergency) and the legislative basis (Regulation 97, Regulation 168(2)(e)). The Emergency Evacuation SOP is the step-by-step procedure that educators follow when an evacuation is called — assembly point, role allocation, head count, communication with emergency services, communication with families.

Having the policy but not the SOP — or having the SOP but calling it the policy — are both compliance gaps. The NQF expects both documents to exist and to cross-reference each other.

How to Know if Your Policies Are Assessment Ready

Use this self-assessment checklist on each mandatory policy in your folder:

  1. Does the policy cite the specific regulation or NQS standard that requires it?
  2. Does it have a current review date within the last 12 months?
  3. Does it have a version number?
  4. Does it clearly name the approved provider and service?
  5. Does it separate the policy statement from the procedures?
  6. Does it reflect legislation current to 2025–26 (including the September 2025 amendments)?
  7. Is it available for inspection without needing to unlock a computer or find a key?
  8. Can your educators find it without asking the director?
  9. Is it cross-referenced to the relevant SOP and register?
  10. Has it been reviewed following any significant incident or legislative change?

If any policy scores below 8/10 on this checklist, it should be flagged for revision before your next assessment.

What Good Looks Like

A well-structured policy document — using the TrueBlue Compliance suite as the benchmark — has a navy and teal branded header with the service name pre-filled, a meta table showing document code, quality area, legislative basis, NQS standard, review frequency, version and approved-by signature, followed by clearly numbered sections for purpose, scope, legislative framework, policy statement, procedures, and review clause. Every section uses plain English that educators can read and understand, not legal language that requires interpretation.

The Bottom Line

The difference between a policy that passes assessment and one that creates compliance concerns is not length or complexity — it is specificity, currency and accessibility. A four-page policy that cites the correct regulation, reflects current law, has a review date this year, and can be found in thirty seconds is worth more to your service than a twenty-page document that lives in a locked cabinet and was last updated in 2022.

If you are not confident your current policies meet this standard, now is the time to find out — before an assessor does it for you.