NDIS Core Module Practice Standards: What Providers Must Know

Q: What is the most important standard in the core module?

All four standards are equally important for compliance, but Standard 2 (Provider Governance and Operational Management) is often the most complex because it underpins all others, including risk management, incident systems, HR practices, and continuity of supports.

Q: How should I prepare my service agreements for a core module audit?

Service agreements must clearly state supports to be provided, how and when they will be delivered, written in language participants understand, signed by participants or authorised representatives, and reviewed when participant needs change.

Q: Can I use software to help manage core module compliance?

Yes. Purpose-built NDIS provider software centralises documentation, generates audit-ready reports, and automates evidence trails for incident management, support delivery, and worker records — reducing administrative burden significantly.

NDIS core module practice standards overview for Australian providers

The NDIS core module practice standards are the non-negotiable foundation of registered provider compliance in Australia. If your organisation delivers higher-risk or complex supports, the core module applies to you — and understanding it deeply is the difference between a smooth audit and a compliance crisis. This guide goes beyond a surface-level overview. It breaks down each of the four core module standards, explains exactly what auditors look for under each quality indicator, and provides a practical evidence requirements checklist so you know precisely what to prepare. If you are renewing your registration, preparing for a mid-term audit, or building compliance systems from scratch, this is your starting point.

What Is the NDIS Core Module?

The NDIS core module is the set of four practice standards that all registered providers requiring certification must comply with, regardless of the specific supports they deliver. It forms the universal compliance baseline for providers in the NDIS system, covering participant rights, internal governance, support delivery, and the physical environment in which supports occur.

The core module is defined under the National Disability Insurance Scheme (Provider Registration and Practice Standards) Rules 2018 and administered by the NDIS Quality and Safeguards Commission. It works in conjunction with the NDIS Code of Conduct and any supplementary modules that apply based on a provider’s specific registration groups.

Each of the four standards within the core module is expressed as a participant-focused outcome. Beneath each outcome sit quality indicators — specific, auditable evidence points that demonstrate the outcome is being achieved in real practice. Having policies on paper is not enough; auditors assess whether systems genuinely function and whether workers implement them in daily support delivery.

Who Must Comply With NDIS Core Module Practice Standards?

The core module applies to all providers who require a certification audit. This means providers who are registered to deliver:

Personal care and community participation supports
Supported independent living (SIL)
Daily task and shared living supports
Specialist behaviour support or implementing behaviour support plans
Early childhood supports
Support coordination and specialist support coordination
Therapeutic and allied health supports
High intensity daily personal activities

Providers offering only lower-risk, lower-complexity supports — such as household tasks, transport, or assistive technology — may qualify for the verification pathway instead. Verification providers only need to meet standards in human resource management, incident management, and complaints management. If you are unsure which pathway applies to your registration groups, our NDIS provider registration checklist provides detailed guidance.

The 4 Core Module Standards: A Complete Breakdown

Each of the four core module standards contains multiple sub-elements and associated quality indicators. Here is a detailed examination of what each standard requires and how auditors assess compliance.

Core Module Standard 1: Rights and Responsibilities

This standard requires providers to actively uphold participants’ legal and human rights and fulfil their responsibilities in the delivery of supports. It is the most person-centred standard in the core module and sets the ethical foundation for everything else a provider does.

Standard 1 contains five sub-elements:

Person-centred supports — participants must be supported in a way that promotes their legal and human rights, enables informed choice and control, and respects their self-determination
Individual values and beliefs — each participant’s culture, diversity, values, and beliefs must be genuinely respected and incorporated into their supports
Privacy and dignity — all support interactions must protect participants’ dignity and their right to privacy, including how personal information is collected, stored, and used
Independence and informed choice — participants must be supported to make informed decisions, including having the benefit of understanding risks (dignity of risk), maximising their independence, and accessing independent advocates if they choose
Freedom from violence, abuse, neglect, exploitation, and discrimination — zero tolerance for harm, with documented prevention measures, clear reporting pathways, and responsive investigation processes

Auditors assessing Standard 1 will look for evidence that participant rights are embedded in everyday practice — not just in policies. They may speak directly with participants to understand their actual experience of how rights are upheld during support delivery.

Core Module Standard 2: Provider Governance and Operational Management

Standard 2 is the most complex standard in the core module. It encompasses the internal systems and governance structures that enable a provider to deliver safe, consistent services at scale. Strong governance underpins all other standards — if your systems are weak, every other area of practice is at risk.

Standard 2 contains nine sub-elements:

Governance and operational management — board or management oversight with clear accountability structures, strategic planning, compliance monitoring, and performance evaluation proportionate to the provider’s size
Risk management — a documented, active risk management system that identifies, assesses, and mitigates risks to participants, workers, and the organisation across all service delivery areas
Quality management — a quality management system that links governance decisions to participant outcomes, includes internal audits on a scheduled basis, and drives continuous improvement
Information management — accurate, current, and confidential participant records with appropriate access controls, clear storage procedures, and processes for sharing information with consent
Feedback and complaints management — an accessible, respectful, and documented complaints system that all participants, families, and workers can use, with clear resolution timelines and trend analysis driving improvements
Incident management — a structured incident management system for capturing, investigating, and responding to incidents, including meeting all NDIS reportable incident notification obligations
Human resource management — documented hiring practices, current worker screening clearances, orientation and induction processes, ongoing training records, supervision schedules, and performance review documentation
Continuity of supports — systems ensuring participants receive uninterrupted supports including rostering arrangements, backup worker protocols, and business continuity plans covering planned and unplanned disruptions
Emergency and disaster management — documented emergency response plans with defined staff roles, evidence of training and drills, and communication plans tailored to participants’ individual needs

In 2025, auditors apply heightened scrutiny to governance quality, emergency management evidence, and human resource management documentation. The expectation is that providers can show governance structures actively connect to participant safety outcomes — not just that governance policies exist.

Core Module Standard 3: Provision of Supports

Standard 3 addresses what providers must do when planning, agreeing to, and delivering supports to individual participants. It ensures that service delivery is genuinely tailored to each person’s goals, needs, and preferences — and that participants have meaningful involvement in shaping their own supports.

Standard 3 contains five sub-elements:

Access to supports — supports are available, accessible, and delivered in ways that genuinely meet participants’ specific needs and goals, including culturally appropriate and disability-accessible formats
Support planning — participants are actively involved in developing, implementing, and regularly reviewing their support plans, and their goals and preferences are documented and communicated to the workers providing their supports
Service agreements with participants — clear, written service agreements that participants genuinely understand, specifying the supports to be provided, how they will be delivered, and under what terms; a well-structured NDIS service agreement template should form the basis of every participant relationship
Responsive support provision — supports are delivered in a timely, competent, and appropriate manner that adapts to participants’ changing needs, with workers having access to current support plan information before they commence delivery
Transitions to or from a provider — transitions between providers are planned, documented, and coordinated to protect participants from disruption and ensure continuity of their critical supports

The key quality indicators under Standard 3 focus on whether participant goals are genuinely reflected in support plans, whether service agreements are written in language participants can understand, and whether transition planning happens proactively rather than reactively when a participant changes providers.

Core Module Standard 4: Provision of Supports Environment

Standard 4 addresses the physical and operational environment in which supports are delivered. It ensures that the setting itself — whether a participant’s home, a day service facility, or a residential support environment — is safe, appropriate, and well-managed.

Standard 4 contains five sub-elements:

Safe environment — physical environments are safe, maintained, and appropriate for the types of supports being delivered, with regular safety checks and documented risk assessments
Participant money and property — any participant funds or property held by the provider are managed with clear accountability, transparent records, and processes to prevent misuse or loss
Management of medication — medication administration follows documented protocols, storage is secure, monitoring is accurate, and only competent, qualified workers administer medications
Mealtime management — meals are nutritious, appropriately prepared, and tailored to each participant’s individual dietary needs, texture requirements, and clinical recommendations; mealtime management plans must be documented and reviewed annually
Management of waste — effective processes protect participants, workers, and others from harm related to waste, infectious substances, or hazardous materials generated during support delivery

Standard 4 became a focus of increased audit attention in 2025, particularly mealtime management. Providers supporting participants with dysphagia or complex nutritional needs must demonstrate collaboration with speech pathologists and dietitians, annual plan reviews, and environmental safety measures to reduce choking risk.

NDIS Core Module Practice Standards: Quality Indicators Explained

Quality indicators are the measurable evidence points auditors use to assess whether each standard is being met. They are framed as questions that probe real-world implementation. Understanding how quality indicators work helps you build audit-ready evidence systems rather than scrambling to find documentation at review time.

Quality indicators operate on the principle of proportionality. The NDIS Commission expects evidence to be proportionate to your organisation’s size, the complexity of supports you deliver, and the risks involved. A small sole-trader provider is not expected to provide the same depth of governance documentation as a large corporate provider supporting hundreds of participants in residential settings.

However, proportionality does not mean optional. Every quality indicator must be addressed with some form of genuine evidence. The question is the scale and sophistication of that evidence, not whether it exists at all.

NDIS Core Module Practice Standards: Evidence Requirements Checklist

This checklist organises the evidence most commonly required across all four core module standards. Use it as a gap analysis tool to assess your current compliance readiness.

Standard 1: Rights and Responsibilities — Evidence Checklist

NDIS Code of Conduct acknowledgements signed by all workers
Charter of Rights accessible to all participants in appropriate formats
Participant support plans reflecting individual values, culture, and communication needs
File notes documenting rights-based conversations and decision-making support
Consent forms for collection and use of personal information
Information about advocacy services in accessible formats
Policies and procedures on privacy, dignity, and informed choice
Records of worker training in rights-based practice
Incident and complaints register showing documented responses to any reports of harm
Worker screening records and police check certificates

Standard 2: Governance and Operational Management — Evidence Checklist

Board meeting minutes showing active governance and performance oversight decisions
Strategic and business plan with documented review history
Financial risk management frameworks and compliance registers
Documented delegation of authority and accountability structures
Risk register with current risk assessments, mitigation actions, and review dates
Quality management system with internal audit schedules, reports, and corrective actions
Continuous improvement register with documented improvements linked to incidents, complaints, and feedback
Participant records with consent documentation, access controls, and storage procedures
Complaints register with resolution records, timelines, and trend analysis
Incident register including reportable incidents notified to the NDIS Commission
Position descriptions identifying required skills, qualifications, and responsibilities
Worker pre-employment check records including police checks and working with children checks
Worker screening clearance records for all risk-assessed roles
NDIS Worker Orientation Program completion records for all workers
Training schedules, attendance records, and training effectiveness evaluations
Supervision records and worker performance reviews
Staff rosters demonstrating continuity of supports and backup arrangements
Business continuity plan addressing planned and unplanned disruptions
Emergency and disaster management plan with defined staff roles
Records of emergency preparedness training and drills
Communication plans tailored to participants with complex communication needs

Standard 3: Provision of Supports — Evidence Checklist

Participant support plans developed collaboratively, with participant signatures and review dates
Service agreements written in accessible language, signed by participants or their representatives
File notes documenting support plan reviews and any changes to participant goals or needs
Records confirming workers received support plan information before commencing delivery
Transition plans for participants moving to or from the provider
Documentation of participant involvement in service design and review processes
Records of staff rostering aligned to support plan requirements
Evidence that supports meet participants’ individual cultural, communication, and accessibility needs

Standard 4: Supports Environment — Evidence Checklist

Environment safety inspection records and checklists with review dates
Participant money and property registers with clear accountability records
Medication administration protocols, storage records, and competency assessments for workers
Mealtime management plans for each participant requiring mealtime support
Evidence of clinical input from speech pathologists or dietitians where relevant
Annual mealtime management plan reviews
Waste management procedures and worker training records
Incident reports related to environmental hazards or near-misses

Common Mistakes NDIS Providers Make With Core Module Compliance

Understanding the standards is only half the challenge. Many providers know what is required but still fall short at audit time due to avoidable preparation gaps. Here are the most common mistakes and how to avoid them.

Generic Policies That Do Not Reflect Real Practice

Using downloaded policy templates that are not customised to your specific organisation, support types, and participant cohort is one of the most common audit failures. Auditors will ask workers to describe how a policy is implemented in practice — and if the answer does not match the document, or if workers have never seen it, the policy does not count as evidence. Every policy must reflect your actual operations and be reviewed annually.

Incomplete or Outdated Worker Records

Worker screening clearances must be current and on file before a worker begins a risk-assessed role. Training records must show completion dates and topics covered. Supervision notes must be documented, not just verbal. Performance reviews must happen on a scheduled basis and be recorded. Missing or outdated records in any of these areas can trigger non-conformance findings.

Incident and Complaints Systems That Are Not Active

Having an incident register is not the same as having an active incident management system. Auditors want to see that incidents are recorded in real time, investigated systematically, and used to drive improvements. If your register has no entries — or entries with no follow-up actions — this signals that the system is not functioning as intended.

Support Plans That Are Not Participant-Driven

Support plans that read as provider-driven documents, without genuine evidence of participant involvement in their development, do not satisfy Standard 3 quality indicators. Plans should include the participant’s own words describing their goals where possible, evidence of consent, and documented review cycles that participants are actively involved in.

How Inficurex Helps With Core Module Compliance

Staying compliant with all four core module standards requires ongoing attention to systems, documentation, and practice — not just a pre-audit scramble. Inficurex gives NDIS providers the operational infrastructure to maintain audit-ready compliance every day.

Our platform supports core module compliance by centralising participant support plans, service agreements, incident and complaints registers, worker records, and progress notes in one accessible location. Workers can document support delivery in real time, managers can review compliance evidence across the organisation, and audit preparation becomes a reporting exercise rather than a documentation crisis. Our NDIS software for providers is designed around the evidence requirements auditors actually look for.

Pair our compliance tools with our NDIS compliance checklist and practice standards guide to build a complete compliance management system that supports both participant outcomes and regulatory requirements.

Frequently Asked Questions About NDIS Core Module Practice Standards

What is the NDIS core module?

The NDIS core module is the set of four practice standards that all registered providers requiring certification must comply with. It covers participant rights and responsibilities, provider governance and operational management, provision of supports, and provision of supports environment. It forms the compliance baseline that applies to all providers before any supplementary modules are added.

Does the core module apply to all NDIS providers?

The core module applies to all providers undergoing a certification audit, which typically covers providers delivering higher-risk or complex supports. Providers of lower-risk supports follow the verification pathway instead, which has lighter requirements. Your applicable audit pathway is determined by the registration groups you select during the registration process.

What are quality indicators in the NDIS core module?

Quality indicators are the specific, auditable evidence points beneath each practice standard. They are framed as questions that help auditors assess whether the standard is genuinely being met in daily practice. Quality indicators guide the evidence you need to collect and maintain, such as worker training records, participant support plans, risk registers, and governance documents.

How much evidence is required for core module compliance?

Evidence requirements are proportionate to your organisation’s size, the complexity of supports you deliver, and the associated risks. A small provider delivering personal care to a handful of participants needs less documentation complexity than a large provider running multiple residential sites. However, all providers must demonstrate that their systems genuinely function — not merely that policies exist on paper.

What is the most important standard in the core module?

All four standards are equally important for compliance purposes, but Standard 2 (Provider Governance and Operational Management) is often the most complex to implement because it underpins the others. Strong governance means strong risk management, strong incident systems, strong HR practices, and strong continuity of supports — all of which directly affect participant safety and service quality.

What happens at an NDIS certification audit?

An approved quality auditor reviews your documentation against all applicable quality indicators and may conduct a site visit depending on your support complexity. The auditor will also engage directly with participants to gather feedback on their actual experience of your services. The audit assesses whether evidence is proportionate to your size and complexity and whether systems are genuinely implemented in practice.

How should I prepare my service agreements for a core module audit?

Service agreements must clearly state the supports to be provided, how and when they will be delivered, and the terms under which they are provided. They must be written in language participants can understand, signed by participants or their authorised representatives, and reviewed when participant needs change. Our NDIS service agreement template provides a compliant starting point that you can customise for your organisation.

Can I use software to help manage core module compliance?

Yes. Purpose-built NDIS provider software can significantly reduce the administrative burden of compliance by centralising documentation, generating audit-ready reports, and automating evidence trails for incident management, support delivery, and worker records. This ensures evidence is available when you need it rather than created retrospectively under audit pressure.