NDIS Verification vs Certification Pathway: Choosing the Right One

NDIS Verification vs Certification Pathway: Choosing the Right One

Choosing between the NDIS verification vs certification pathway is one of the first — and most consequential — decisions a provider makes during registration. Get it wrong and you could face an unexpectedly large audit, significant cost overruns, and delays to your registration approval. Get it right and you complete a proportionate, efficient audit that accurately reflects your service types and risk profile. This guide explains exactly how each pathway works, who must use each one, what the audit process looks like in practice, and how to make the right choice for your organisation.

What Is the NDIS Verification vs Certification Pathway?

The NDIS verification and certification pathways are two distinct audit frameworks used to assess whether registered NDIS providers meet the NDIS Practice Standards. The pathway you follow is determined by the registration groups you hold — specifically, the risk level of the supports and services you deliver to NDIS participants.

The Verification Pathway: Lower-Risk Services, Streamlined Audit

The verification pathway applies to providers delivering lower-risk supports. It is a desktop audit — meaning the auditor reviews your documentation remotely without needing to visit your premises or observe services being delivered. Verification audits typically take approximately 0.5 days to complete, making them considerably less resource-intensive than certification audits.

Which Services Use the Verification Pathway?

Verification pathway providers typically deliver supports such as:

• Plan management
• Therapeutic supports (for some therapy provider types)
• Assistive technology and equipment
• Home modifications
• Support coordination (in certain configurations)
• Specialised transport

The common thread is that these supports carry a lower direct risk of harm to participants compared to personal care, behaviour support, or accommodation services. The NDIS Commission’s guidance documents specify which registration groups fall under each pathway — always verify your specific registration groups against the current Commission guidance, as classifications can be updated.

What the Verification Audit Requires

Verification audit requirements focus on a targeted set of NDIS Practice Standards: the core modules relevant to your registration groups plus any supplementary modules that apply. The auditor reviews your documentation remotely and assesses whether your policies, procedures, and records demonstrate compliance. Unlike certification audits, there are no staff interviews, participant file reviews on-site, or observational components. However, documentation must be thorough, current, and genuinely reflective of how your organisation operates — not simply a collection of templates that have never been implemented.

There is no mid-term audit requirement for verification-only providers. Your next formal compliance assessment occurs at your three-year renewal. However, this does not mean you can relax compliance efforts between audits. The NDIS Commission can initiate special or out-of-cycle audits at any time if concerns arise about provider performance. Maintaining your NDIS compliance systems year-round remains essential.

The Certification Pathway: Higher-Risk Services, Comprehensive Audit

The certification pathway applies to providers delivering higher-risk supports. It is a two-stage audit process involving both desktop review and mandatory on-site assessment, conducted over a significantly longer period — typically two to five days in total. The certification pathway is more complex, more resource-intensive, and more costly than verification, but it is the appropriate standard for services where the potential for harm to participants is higher.

Which Services Require the Certification Pathway?

Certification pathway services include higher-risk supports such as:

• Supported Independent Living (SIL)
• Specialist Disability Accommodation (SDA)
• High Intensity Daily Activities
• Specialised Behaviour Support
• Early Childhood Supports (for some provider types)
• Specialist Support Coordination
• Personal care and community participation supports (for some registration groups)

Any provider whose registration scope includes at least one certification-level registration group must follow the certification pathway for their entire audit — you cannot mix verification and certification across different parts of the same audit.

Stage 1 of the Certification Audit

Stage 1 is a desktop review, similar in nature to the verification audit. The Stage 1 audit assesses your organisation’s documentation, policies, procedures, governance frameworks, and systems. The auditor evaluates whether your organisation has the foundations in place to meet the NDIS Practice Standards and identifies any areas that require closer examination in Stage 2.

Stage 1 may identify observations or minor concerns that will be followed up during the on-site Stage 2 component. The findings from Stage 1 directly shape the focus areas for Stage 2. Therefore, having complete, well-organised, and genuinely implemented documentation at Stage 1 is not merely a bureaucratic requirement — it determines where the auditor concentrates their scrutiny during the more intensive on-site assessment.

Stage 2 must be conducted within three months of Stage 1. Allowing too much time to elapse between stages can create scheduling complications and regulatory pressure.

Stage 2 of the Certification Audit: On-Site Assessment

The Stage 2 audit is the on-site component of the certification process. This is where the auditor comes to your premises — potentially multiple sites depending on your operational footprint — and directly assesses whether your documented systems reflect what actually happens in practice. Stage 2 components include:

• Observations: The auditor observes support delivery, workplace practices, and operational processes directly
• File reviews: Participant files, staff records, and compliance documentation are reviewed in detail
• Staff interviews: Workers across different roles are interviewed to assess their understanding of Practice Standards, their training, and their day-to-day practices
• Participant interviews: In many cases, participants and/or their families or nominees are interviewed to provide their perspective on the quality and safety of supports delivered

The depth and duration of Stage 2 depends on the complexity of your operations, the number of registration groups, your participant numbers, and the number of sites the auditor needs to assess. Larger, more complex organisations can expect Stage 2 audits lasting several days. Preparing your staff for interviews — ensuring they understand their responsibilities under the NDIS Code of Conduct and can speak confidently about their practice — is one of the most impactful ways to prepare for Stage 2.

The Mid-Term Audit at 18 Months: Certification Providers Only

One of the most significant differences between the verification and certification pathways is the mid-term audit requirement. Certification providers must undergo a mid-term audit approximately 18 months into their three-year registration period. Verification-only providers are not subject to mid-term audits under standard arrangements.

What the Mid-Term Audit Covers

The mid-term audit is a targeted review rather than a full re-audit. It focuses on:

• The governance and management standards from the NDIS Practice Standards core module
• Any corrective actions that were identified during your initial or renewal certification audit and remain open
• Any specific areas of concern that have emerged since your last audit

The mid-term audit provides the Commission with assurance that certified providers are maintaining their compliance standards throughout the registration period — not merely performing well at audit time. It is a mechanism for continuous quality improvement rather than a punitive measure, but providers who have neglected corrective actions or allowed governance standards to slip will face consequences at the mid-term assessment.

Mid-Term Audit Exceptions

Certain provider types are exempt from the mid-term audit requirement under specific circumstances. These include sole traders registered solely for Early Childhood Supports, and providers registered solely for Specialist Disability Accommodation. If you believe an exemption may apply to your organisation, confirm this directly with the NDIS Commission or your AQA — do not assume an exemption applies without verification.

Preparing for Your Mid-Term Audit

The 18-month mid-term audit should not catch you by surprise. Build it into your compliance calendar as a firm milestone at the outset of each registration period. In the months leading up to the mid-term audit, review the corrective actions from your last certification audit and confirm they have been fully implemented and documented. Ensure your governance documentation — board minutes, risk register, policies — reflects current practice. Your NDIS Practice Standards compliance work should be ongoing, not conducted only in response to audit triggers.

How to Choose the Right Pathway for Your Organisation

In practice, the choice between verification audit requirements and certification audit requirements is not entirely optional — it is largely determined by the registration groups you hold or plan to hold. However, providers do have choices around scope design, and these choices have direct implications for audit pathway and complexity.

Decision Framework: Which Pathway Do Your Services Require?

Use the following framework to assess your pathway:

1. List all your registration groups — current and any you plan to add
2. Check the NDIS Commission’s guidance on which registration groups require certification versus verification
3. Identify your highest-risk registration group — if any single group requires certification, your entire audit follows the certification pathway
4. Assess whether all your registration groups are genuinely active — holding certification-level groups that generate no revenue adds audit complexity and cost without benefit
5. Consult with an AQA before finalising your registration scope — experienced auditors can advise on pathway implications and help you design a scope that is proportionate to your operations

Common Scenarios and the Right Pathway

A plan management provider offering only plan management services will follow the verification pathway — a half-day desktop audit every three years with no mid-term requirement. This is a relatively streamlined compliance pathway.

A provider delivering both plan management and supported independent living must follow the certification pathway for their entire audit because SIL is a higher-risk service. They face a two-stage audit at registration and renewal, plus a mid-term audit at 18 months.

A therapy provider delivering only therapeutic supports may qualify for verification in some configurations, but this depends on the specific registration groups claimed and the participant cohort served. Providers supporting participants with complex behaviour support needs may find that their registration groups require certification even for therapy-type services.

The Cost and Time Implications of Each Pathway

Verification audits typically cost significantly less than certification audits due to their shorter duration and purely desktop nature. Certification audits — particularly for large, multi-site organisations — can represent a substantial operational cost. However, choosing a lower-complexity registration scope simply to avoid certification audit costs is not advisable if your actual services require certification-level oversight. Misrepresenting your service scope creates serious compliance and legal risks. Review our guidance on the complete NDIS provider registration process to understand scope requirements in full.

Special and Out-of-Cycle Audits

Both verification and certification providers can be subject to special or out-of-cycle audits if the NDIS Commission has concerns about a provider’s compliance. These concerns may arise from participant complaints, reportable incident patterns, tip-offs from workers or community members, or intelligence gathered through the Commission’s monitoring activities.

Special audits are not routine but they are a real risk for providers with compliance vulnerabilities. The best protection against an unplanned audit is consistent, well-documented compliance throughout your registration period — not just strong performance in the months before your scheduled audit. Maintaining rigorous incident management and SIRS reporting practices significantly reduces the risk of triggering a Commission-initiated review.

Which NDIS Audit Pathway Should You Choose?

Can a provider switch from certification to verification at renewal?

Yes — if a provider removes all certification-level registration groups from their scope during renewal, they may be eligible for the verification pathway going forward. However, this is only appropriate if the removal reflects genuine changes in service delivery, not a strategic attempt to reduce audit burden while continuing to deliver higher-risk supports without appropriate oversight.

Does the verification pathway mean lower standards?

No. The verification pathway applies proportionate audit methodology to lower-risk services — it does not mean lower compliance standards. Providers on the verification pathway must still meet all applicable NDIS Practice Standards requirements. The difference is in the audit method used to assess compliance, not in the standards themselves.

What is a mid-term audit and when does it happen?

A mid-term audit is a targeted compliance assessment conducted approximately 18 months into a certification provider’s three-year registration period. It focuses on governance and management standards and any outstanding corrective actions from previous audits. Verification-only providers are generally not subject to mid-term audits. The mid-term audit is conducted by an NDIS Commission-approved quality auditor and its findings can influence the Commission’s assessment of your registration status.

How Inficurex Helps You Manage Both Audit Pathways

Whether your organisation follows the verification or certification pathway, maintaining audit-ready documentation year-round is the foundation of a smooth audit process. Inficurex provides NDIS providers with integrated tools for tracking compliance evidence, managing worker screening records, documenting incidents and outcomes, and maintaining participant files that demonstrate ongoing Practice Standards compliance. When your audit date arrives — whether it is a half-day desktop review or a multi-day on-site certification assessment — your documentation is organised, current, and accessible. Explore how Inficurex supports NDIS audit preparation.

Frequently Asked Questions: NDIS Verification vs Certification

What is the difference between NDIS verification and certification audits?

Verification is a desktop audit for lower-risk services, lasting approximately 0.5 days, with no on-site visit required. Certification is a two-stage process for higher-risk services, combining a desktop Stage 1 review with an on-site Stage 2 assessment over two to five days total. Certification providers also face a mid-term audit at 18 months; verification providers generally do not.

Which NDIS services require the certification pathway?

Higher-risk services require the certification pathway, including Supported Independent Living, Specialist Disability Accommodation, High Intensity Daily Activities, Specialised Behaviour Support, and Specialist Support Coordination. If any single registration group in your scope requires certification, your entire audit must follow the certification pathway.

How long does an NDIS certification audit take?

A certification audit takes two to five days in total across both stages. Stage 1 is a desktop review, followed by Stage 2, which must be conducted within three months. Stage 2 duration depends on your organisation’s size, number of sites, participant numbers, and registration group complexity. Larger organisations with multiple outlets can expect longer Stage 2 assessments.

What happens at the Stage 2 certification audit?

Stage 2 is an on-site assessment where the auditor conducts observations of service delivery, reviews participant and staff files in detail, and interviews both workers and participants. The focus is on verifying that your documented systems reflect actual practice. Preparing staff to speak confidently about Practice Standards, incident reporting, and their daily responsibilities is critical to a successful Stage 2 outcome.

Do I need a mid-term audit on the verification pathway?

Generally, no. Mid-term audits at 18 months apply to certification providers. Verification-only providers are not required to undergo mid-term audits under standard arrangements, though the NDIS Commission retains the authority to conduct special or out-of-cycle audits for any registered provider if concerns arise about compliance.

Can I choose the verification pathway to reduce costs?

Only if your registration groups genuinely qualify for verification. The pathway is determined by the risk level of your services as classified by the NDIS Commission — you cannot elect verification if your registration groups require certification. Attempting to minimise your scope to access verification while delivering higher-risk services without appropriate registration creates serious legal and compliance risks.

What is a Stage 1 vs Stage 2 audit in the certification pathway?

Stage 1 is a desktop review of your organisation’s documentation, policies, and governance systems. Stage 2 is an on-site assessment conducted within three months of Stage 1, involving observations, file reviews, and staff and participant interviews. Stage 1 findings shape the focus of Stage 2 — comprehensive documentation at Stage 1 helps direct the auditor’s attention away from problem areas. Both stages are conducted by your chosen Approved Quality Auditor.

How do I find an NDIS Commission-approved quality auditor?

The NDIS Commission maintains a searchable list of Approved Quality Auditors on its website. Obtain at least three quotes and evaluate auditors on their experience with your service types, their availability within your required timeframe, and their familiarity with any specialist participant populations you support. Ask for references from other providers they have audited in similar service areas. Also review our guide on NDIS worker screening requirements to ensure your staffing records are complete before your audit.