Guide · NDIS

NDIS Practice Standards: a plain-English checklist

Key takeaways

  • The NDIS Practice Standards set out the quality and safety benchmarks that registered NDIS providers are expected to meet.
  • They are overseen by the NDIS Quality and Safeguards Commission and assessed by approved quality auditors.
  • They are organised into a Core module plus supplementary modules that apply to specific, higher-risk supports.
  • Higher-risk or more complex supports generally lead to certification; lower-risk supports generally use the simpler verification pathway.
  • Whether you must be registered — and which modules apply — depends on your supports and participants; confirm your obligations with the Commission.

The NDIS Practice Standards are the quality and safety benchmarks that registered NDIS providers are expected to meet when they deliver supports and services to participants. Overseen by the NDIS Quality and Safeguards Commission, they describe what safe, high-quality support looks like — and they are the yardstick an approved quality auditor uses when assessing your organisation. This plain-English guide explains what the standards cover, who they apply to, the difference between certification and verification, and gives you a practical readiness checklist to work through before an audit.

What are the NDIS Practice Standards?

The NDIS Practice Standards are a set of quality standards that registered NDIS providers must meet to deliver supports under the National Disability Insurance Scheme. They sit within the NDIS Commission's broader quality and safeguarding framework, alongside the NDIS Code of Conduct, and they exist to make sure participants receive safe, respectful, person-centred support.

The standards are outcome-focused: rather than prescribing exactly how to run your organisation, they describe the outcomes a participant should be able to expect, and expect you to show how your policies, processes and day-to-day practice achieve them. Compliance is assessed by an approved quality auditor — an independent body approved to conduct NDIS audits — and the whole system is overseen by the NDIS Quality and Safeguards Commission, which registers providers and regulates the standards.

Who they apply to

The standards apply to registered NDIS providers. Whether an organisation is required to be registered — and therefore assessed against the standards — depends on the supports it delivers and the participants it works with. Some supports and some funding arrangements effectively require registration; others do not. Providers who are not registered are not audited against the Practice Standards, but they still have obligations under the NDIS Code of Conduct and other laws.

Because these boundaries can be nuanced and can change, this guide keeps them deliberately general. If you are unsure whether you need to be registered, or which requirements apply to your particular services, confirm your obligations directly with the NDIS Quality and Safeguards Commission before making decisions.

The Core module and supplementary modules

The Practice Standards are organised into modules. Every registered provider is assessed against the Core module, which covers foundational areas such as:

  • Rights and responsibilities — treating participants with dignity, respecting choice and control, privacy, and freedom from abuse and neglect.
  • Provider governance and operational management — how the organisation is run, including risk management, quality systems and human resources.
  • Provision of supports — how supports are planned, delivered and reviewed with each participant.
  • The support environment — making sure the environment supports are delivered in is safe and fit for purpose.

On top of the Core module, supplementary modules apply to specific, higher-risk supports — for example high-intensity daily personal activities, specialist behaviour support, early childhood supports, and others. You are only assessed against the modules relevant to the supports you actually deliver, so two registered providers can face quite different scopes. The exact modules and their contents are defined by the Commission and can be updated, so treat the areas above as an orientation rather than a definitive list, and confirm the current modules that apply to you with the Commission or your auditor.

Certification vs verification

Not every provider goes through the same depth of audit. There are two broad pathways:

  • Certification — the more detailed pathway, generally for providers delivering higher-risk or more complex supports. A certification audit assesses you against the Core module and any relevant supplementary modules, and typically involves both a review of your systems and a visit that samples how supports are delivered in practice.
  • Verification — the simpler pathway, generally for providers delivering lower-risk supports. Verification is a lighter-touch assessment focused on a defined set of requirements rather than the full modules.

Which pathway applies is driven by the registration groups and supports you register for, not by choice. The Commission and your approved quality auditor confirm which pathway — and which modules — apply to your organisation, so use that as your source of truth when you plan your audit.

A practical readiness checklist

Whether you are preparing for a first audit or a re-assessment, the same groundwork applies. Work through the following, and treat each item as "can we evidence this?", not just "do we do this?"

  • Confirm your registration groups and which modules apply. Start from what you are (or want to be) registered to deliver, and map that to the Core module plus any supplementary modules and the certification or verification pathway.
  • Map your policies and procedures to each standard. Build a simple matrix that links every applicable standard to the policy, procedure or record that demonstrates it — and flag the gaps.
  • Evidence how supports are actually delivered. Auditors look at real practice, not just documents. Make sure participant records, consent, support plans and reviews reflect what happens day to day.
  • Get worker screening, training and records in order. Confirm worker screening clearances, orientation, role-appropriate training and up-to-date HR records are complete and easy to produce.
  • Check incident management and reportable-incident processes. Make sure staff know how to identify, record, respond to and — where required — report incidents, and that your reportable-incident process actually works end to end.
  • Run complaints and feedback loops. Show that participants can raise complaints easily, that you act on them, and that feedback feeds back into improving supports.
  • Prepare participants and workers for the audit. Auditors may speak with both. Make sure people understand the process and can speak to how supports are planned and delivered.
  • Do a self-assessment or mock audit and close gaps. Walk the standards as if you were the auditor, log the gaps, assign owners and due dates, and close them before the real assessment.

How software helps

Audit readiness is really an evidence problem: the requirements are stable enough to plan for, but the evidence is scattered across policies, participant records, rosters, training logs and incident registers. A configurable platform helps by putting that on one connected model. In Ontvine's NDIS & disability software you can model the standards and modules that apply to your registration, map each one to the policy or record that evidences it, and see the gaps before an auditor does. Because incidents are a core focus of any assessment, you can run incident & SIRS reporting workflows — capture, respond to and, where required, escalate reportable incidents — alongside complaints and feedback loops on the same model.

Ontvine is a configurable platform at a founding, design-partner stage, so the emphasis is on helping you model, track and build your own readiness — not a claim that any tool guarantees registration or a passing audit. As the standards and your services change, the model can be adjusted to match, rather than waiting on a vendor release.

Note: This is general information, current as of July 2026, and is not legal or compliance advice. The NDIS Practice Standards, modules and processes are set and updated by the NDIS Quality and Safeguards Commission, and requirements change over time — always confirm current details and your own obligations with the NDIS Quality and Safeguards Commission before making decisions.

Frequently asked questions

Who do the NDIS Practice Standards apply to?

They apply to registered NDIS providers. Whether you need to be registered — and which parts of the standards apply — depends on the supports you deliver and the participants you work with. Unregistered providers are not audited against the standards but still have obligations under the NDIS Code of Conduct. Confirm your own obligations with the NDIS Quality and Safeguards Commission.

What's the difference between certification and verification?

Certification is the more detailed audit pathway, generally used for providers delivering higher-risk or more complex supports, and it assesses you against the relevant modules. Verification is the simpler pathway, generally used for providers delivering lower-risk supports. The Commission and your approved quality auditor confirm which pathway applies to your organisation.

Who audits against the NDIS Practice Standards?

Assessments are carried out by approved quality auditors — independent bodies approved to conduct NDIS audits. The whole system is overseen by the NDIS Quality and Safeguards Commission, which registers providers and regulates the standards.

Sources & further reading

  • NDIS Quality and Safeguards Commission — ndiscommission.gov.au (NDIS Practice Standards, provider registration and audits)
  • NDIS Quality and Safeguards Commission — NDIS Code of Conduct (obligations for registered and unregistered providers)

Get audit-ready with Ontvine

See how NDIS providers can model the Practice Standards, map their evidence and run incident and complaints workflows on one connected model that adapts as the rules change.