NDIS Practice Standards: The Complete Provider Guide 2025

Q: What is the difference between the core module and supplementary modules?

The core module applies to all certification providers and contains four universal standards. Supplementary modules apply additionally to providers offering specific services such as specialist behaviour support, high intensity personal activities, early childhood supports, or specialist disability accommodation.

Q: What happens if a provider fails the NDIS practice standards audit?

Non-compliance can result in compliance notices, conditions on registration, suspension of registration, or in serious cases, being banned from the NDIS market. The Commission also provides voluntary compliance support for providers working to address gaps.

Q: Do unregistered providers need to comply with the NDIS practice standards?

Unregistered providers are not audited against practice standards but must comply with the NDIS Code of Conduct. Registration and practice standards compliance signals a higher quality commitment and is often a competitive advantage.

Q: What evidence do I need for an NDIS practice standards audit?

Commonly required evidence includes policies and procedures, risk registers, incident and complaints registers, worker screening records, training records, participant support plans, service agreements, governance records, and business continuity plans. Evidence must reflect actual practice proportionate to your organisation's size and complexity.

Every registered NDIS provider in Australia must comply with the NDIS practice standards — a comprehensive framework of quality and safety requirements established by the NDIS Quality and Safeguards Commission. Whether you are preparing for your first audit or renewing your registration, understanding these standards is not optional. Non-compliance can result in sanctions, loss of registration, or — in serious cases — significant financial penalties. In 2025, a Tasmanian provider was fined $1.1 million for failures in care plans, staff training, and incident reporting. This guide covers all four practice standards modules, how quality indicators work, the difference between verification and certification, and exactly what you need to demonstrate compliance.

What Are the NDIS Practice Standards?

The NDIS practice standards are a set of outcome-focused requirements that all registered NDIS providers must meet. They define the quality and safety benchmarks against which providers are assessed during registration audits. Each standard is expressed as a participant-focused outcome statement, supported by quality indicators that describe how that outcome can be demonstrated.

These standards sit alongside the NDIS Code of Conduct to form the cornerstone of Australia’s disability service quality framework. While the Code of Conduct governs the behaviour of individual workers, the practice standards set expectations for the systems, processes, and service environments that providers operate. Together, they ensure participants receive safe, consistent, and person-centred support regardless of which provider they choose.

The standards are modular in structure. This means the specific modules that apply to your organisation depend on the types of supports you deliver and the registration groups you select during the application process. The NDIS Commission uses these standards as the primary audit tool to assess whether providers are eligible for registration and whether registered providers continue to meet the required benchmarks.

The 4 Modules of the NDIS Practice Standards: Core vs Supplementary

The NDIS practice standards are organised into a core module and several supplementary modules. The core module contains four distinct practice standards that apply to all providers undergoing certification. Supplementary modules apply on top of the core, based on the specific supports a provider delivers. Understanding the difference between core and supplementary is essential for planning your audit preparation and compliance strategy.

Core Module Overview

The core module applies to all registered providers who require a certification audit — that is, providers delivering higher-risk or more complex supports. It contains four practice standards that address participant rights, governance, support delivery, and the support environment. All four must be demonstrated during your audit.

Supplementary Modules Overview

Supplementary modules address specialised practice areas. They apply in addition to the core module when a provider is registered for specific support types. The six supplementary modules cover:

High Intensity Daily Personal Activities — complex care such as enteral feeding, tracheostomy care, complex bowel care, and ventilator management
Specialist Behaviour Support — developing and implementing behaviour support plans using evidence-based practices
Implementing Behaviour Support Plans — for providers who implement plans or use restrictive practices in their delivery
Early Childhood Supports — family-centred early intervention for children with developmental delays or disabilities
Specialist Support Coordination — coordination services for participants with complex needs requiring navigation of multiple systems
Specialist Disability Accommodation (SDA) — safe, accessible housing for participants with extreme functional impairments

There is also a Verification Module for lower-risk providers. This module applies instead of the full certification pathway and requires evidence in only three areas: human resource management, incident management, and complaints management.

NDIS Practice Standards Core Module: All 4 Standards Explained

The four practice standards within the core module form the foundation of NDIS compliance for registered providers. Each standard contains multiple sub-elements, each with its own quality indicators. Here is a complete breakdown of what each standard requires.

Standard 1: Rights and Responsibilities

This standard focuses on upholding participants’ legal and human rights and ensuring providers meet their responsibilities toward the people they support. It is the most participant-facing standard in the core module.

The sub-elements within Standard 1 include:

Person-centred supports — supports must promote, uphold, and respect participants’ legal and human rights while enabling informed choice and control over their lives
Individual values and beliefs — supports must respect each participant’s culture, diversity, values, and beliefs without imposing the worker’s own preferences
Privacy and dignity — providers must protect participants’ dignity and their right to privacy in all aspects of support delivery
Independence and informed choice — participants must be actively supported to make informed decisions and maximise their independence, including understanding the dignity of risk
Freedom from violence, abuse, neglect, exploitation, and discrimination — zero tolerance for any form of harm, with clear policies, procedures, and responsive actions when reports are made

Quality indicators for Standard 1 ask auditors to assess whether workers understand participant rights, whether communication is adapted to each person’s needs, and whether there are robust policies preventing harm. Evidence typically includes the worker screening records, Code of Conduct acknowledgements, participant support plans, and file notes showing rights are upheld in daily practice.

Standard 2: Provider Governance and Operational Management

This is the most comprehensive standard in the core module. It covers the internal systems, governance structures, and operational processes that enable a provider to deliver safe, consistent, and high-quality services. Strong governance directly affects every other standard.

The sub-elements within Standard 2 include:

Governance and operational management — robust systems proportionate to the provider’s size, scale, and support complexity, including board oversight and clear delegation of authority
Risk management — documented risk identification, assessment, and mitigation processes covering participant risks, financial risks, and workplace safety
Quality management — a quality management system that links governance to participant outcomes, including internal audits and continuous improvement registers
Information management — accurate, current, and confidential participant records, with appropriate access controls and storage procedures
Feedback and complaints management — an accessible complaints system that participants, families, and workers can use, with respectful resolution processes
Incident management — an effective incident management system that captures, investigates, and responds to reportable incidents as required by the NDIS Commission
Human resource management — competent workers with relevant qualifications, up-to-date worker screening clearances, and documented supervision and performance review processes
Continuity of supports — timely delivery of supports without interruption, including business continuity planning for emergencies and disasters

In 2025, auditors place heightened scrutiny on emergency and disaster management within this standard. Providers must now demonstrate documented emergency policies with defined roles, evidence of staff training and mock drills, and communication plans tailored to participants’ communication needs.

Standard 3: Provision of Supports

Standard 3 sets out what providers must do when delivering supports to participants. It focuses on the planning, agreement, and responsive delivery of services aligned with each participant’s individual goals and needs.

The sub-elements within Standard 3 include:

Access to supports — supports are available and accessible in ways that meet participants’ specific needs, goals, and preferences
Support planning — participants are actively involved in developing, implementing, and regularly reviewing their support plans, with their preferences documented and communicated to workers
Service agreements with participants — clear written agreements that participants understand, covering what supports will be provided, how, and under what conditions
Responsive support provision — supports are delivered in a timely, competent, and appropriate manner that genuinely addresses participants’ changing needs and goals
Transitions to or from a provider — planned and well-coordinated transitions that protect participants from disruption when changing providers or services

Evidence for Standard 3 includes service agreements, participant support plans, staff rosters, file notes, and records of support plan reviews. A well-structured NDIS service agreement is one of the most important documents an auditor will review under this standard.

Standard 4: Provision of Supports Environment

This standard addresses the physical and operational environment in which supports are delivered. It ensures participants are safe from environmental hazards and that practical aspects of care — such as medication, meals, and financial management — are handled appropriately.

The sub-elements within Standard 4 include:

Safe environment — appropriate, well-maintained, and safe physical environments for support delivery
Participant money and property — secure management and clear accountability for any participant funds or property held by the provider
Management of medication — competent administration, secure storage, and accurate monitoring of participants’ medications, with qualified staff and documented protocols
Mealtime management — nutritious meals prepared and delivered according to each participant’s individual dietary needs, preferences, and clinical requirements
Management of waste — protection of participants, workers, and others from harm caused by waste, infectious substances, or hazardous materials generated during support delivery

Mealtime management became a renewed focus in 2025, with auditors requiring documented mealtime management plans for each participant who needs them, evidence of qualified staff involvement, annual plan reviews, and environmental safety measures to reduce choking risk. Collaboration with speech pathologists and dietitians is now an expected part of demonstrating compliance.

NDIS Quality Indicators: How They Work

Each practice standard is supported by a set of quality indicators. These are the specific, measurable evidence points that auditors look for to determine whether a provider is genuinely meeting the standard. Quality indicators move the assessment from abstract outcomes to concrete, demonstrable actions.

Quality indicators are not a checklist in the traditional sense — they are framed as questions that auditors use to probe whether systems are working in practice, not just on paper. For example, under human resource management, an auditor might ask: “Is there a system to identify what training workers need? Is this training planned, recorded, and evaluated for effectiveness?”

The evidence required to satisfy quality indicators must be proportionate to the size, scale, and complexity of your organisation. A solo provider delivering low-complexity supports is not expected to provide the same level of documentation as a large organisation supporting hundreds of participants. However, all providers must demonstrate that their systems genuinely function — not merely that policies exist.

Key types of evidence that satisfy quality indicators across the core module include:

Policies and procedures with version history and review dates
Risk registers and risk assessments
Incident registers and investigation records
Worker screening clearances, training records, and performance reviews
Participant support plans, service agreements, and file notes
Board meeting minutes and governance decisions
Complaints registers and resolution records
Business continuity and emergency management plans
Internal audit schedules, reports, and continuous improvement registers

NDIS Verification vs Certification: Which Audit Pathway Applies?

One of the most common questions from new providers is which audit pathway they need to follow. The answer depends entirely on the registration groups you select and the complexity of the supports you intend to deliver.

NDIS Verification Audit

The verification pathway applies to providers delivering lower-risk, lower-complexity supports. Examples include household tasks, transport, or community access activities where the risk of harm is relatively low. The verification module requires evidence in only three areas: human resource management, incident management, and complaints management.

Verification is assessed through a desktop audit — an approved quality auditor reviews your documentation without necessarily conducting a site visit. This is a proportionate approach that recognises the lower risk profile of these services.

NDIS Certification Audit

The certification pathway applies to providers delivering higher-risk or more complex supports. This includes personal care, supported independent living, specialist behaviour support, early childhood supports, and any services involving clinical or complex health needs. All four core module standards apply, plus any relevant supplementary modules.

Certification audits involve both document review and direct engagement with participants to gather feedback on their actual experience of services. The audit is conducted by an approved quality auditor who assesses evidence proportionate to the provider’s size and complexity.

Comparison Table

Aspect	Verification	Certification
Support complexity	Lower-risk, lower-complexity	Higher-risk, complex supports
Standards assessed	HR, Incident, Complaints management	All 4 core standards + supplementary modules
Audit method	Desktop review	Document review + participant interviews
Evidence level	Proportionate to lower complexity	Proportionate to size and support complexity
Frequency	Every 3 years at re-registration	Mid-term and renewal audits

2025–2026 NDIS Practice Standards Changes Providers Must Know

The NDIS regulatory landscape is evolving significantly in 2025 and 2026. Providers who stay ahead of these changes are far better positioned for successful audits and continued registration.

Key 2025 Updates

Several areas of the practice standards received increased scrutiny in 2025. Emergency and disaster management now requires specific documented evidence including emergency policies with clearly defined staff roles, records of training and mock emergency drills, and tailored communication plans for participants with complex communication needs. Providers must also demonstrate that essential supports can continue during power failures, extreme weather events, and pandemics.

Governance and operational management requirements were strengthened. Auditors now specifically look for board oversight records including meeting minutes that show active decision-making, financial risk management frameworks, documented delegation of authority, and evidence that governance systems link directly to participant outcome improvements.

Human resource management expectations also increased. Every worker must hold an NDIS worker screening clearance, have completed Code of Conduct training with refreshers, and have documented competency checks aligned to the specific supports they deliver. Supervision records and performance feedback documentation are now closely reviewed.

2026 Regulatory Reform

From 1 July 2026, mandatory registration will be introduced for Supported Independent Living (SIL) providers and platform-based providers. The NDIS Commission has confirmed that new SIL-specific practice standards are currently being developed and tested through simulated audits. Providers delivering SIL should begin strengthening governance systems, updating policies, and aligning day-to-day practices now to prepare for the transition period.

The Commission has also signalled broader practice standards reform, including consultation on four proposed core practice domains as a potential replacement for the current modular structure. Submissions from peak bodies in late 2025 have called for stronger emphasis on supported decision-making, dignity of risk, and rights-based practice across all domains.

What Does NDIS Practice Standards Compliance Actually Look Like?

Many providers confuse having policies with demonstrating compliance. The NDIS Commission is clear: simply having a document is not enough. You must show that the policy is actively implemented in daily practice.

Compliance means your systems work, your workers use them, and you can prove it. Here is what genuine compliance looks like in practice:

Policies are current, reviewed annually, and written specifically for your organisation — generic templates will not satisfy auditors
Workers know and follow the policies — training records, supervision notes, and observation during the audit all provide evidence of this
When things go wrong, your incident and complaints systems are activated and documented — investigators are named, timelines are followed, and improvements are recorded in a continuous improvement register
Participant voices genuinely shape your services — feedback surveys, participant representation in governance, and documented corrective actions based on complaint trends all demonstrate this
Your risk management system is live and updated — risks are reviewed, assessed, and actioned on a regular basis, not just at registration time

Software platforms like those covered in our NDIS software guide can significantly simplify compliance by centralising documentation, automating audit trails, and making it easy to generate the evidence auditors require.

How to Prepare for Your NDIS Practice Standards Audit

Audit preparation should be an ongoing process, not a last-minute scramble. Here is a structured approach to getting audit-ready:

Conduct a gap analysis — review every quality indicator in your applicable modules and honestly assess where your current evidence falls short
Update all policies and procedures — ensure each document reflects your actual operations, includes version history and review dates, and is written in plain language workers can follow
Train all staff — deliver and document training on the Code of Conduct, risk management, emergency procedures, and participant rights, including refresher training for existing workers
Review your risk register — make sure it covers participant risks, financial risks, workplace safety risks, and operational risks, and that it is actively maintained
Audit your incident and complaints registers — check that all incidents are recorded, investigated, and reported to the Commission where required, and that complaints are responded to within appropriate timeframes
Collect participant feedback — use accessible survey formats and document how feedback has influenced service improvements
Conduct an internal audit — simulate the external audit process by reviewing your own documentation against the quality indicators, or engage a consultant to identify gaps before your official audit

Using our NDIS compliance checklist is a practical starting point for identifying gaps across all four core module standards. Our provider registration checklist provides additional guidance for providers preparing for initial registration or re-registration in 2025.

How Inficurex Helps With NDIS Practice Standards Compliance

Managing NDIS practice standards compliance across all four core modules — while simultaneously delivering quality services to participants — is a significant operational challenge. Inficurex is purpose-built for NDIS providers who need to stay audit-ready without drowning in paperwork.

Our platform centralises the documentation, reporting, and workflow tools that directly support your compliance evidence. From progress notes and service agreements to incident logs and support plans, every interaction is documented and accessible when you need it. Our rostering software also helps you maintain continuity of supports, a key quality indicator under Standard 2.

Ready to strengthen your practice standards compliance? Explore how Inficurex can simplify your audit preparation and help you deliver consistently excellent services to every participant you support.

Frequently Asked Questions About NDIS Practice Standards

What are the 4 NDIS practice standards?

The 4 NDIS practice standards within the core module are: (1) Rights and Responsibilities, (2) Provider Governance and Operational Management, (3) Provision of Supports, and (4) Provision of Supports Environment. These four standards apply to all providers undergoing certification audits and cover participant rights, internal governance, support delivery, and the environment in which supports are provided.

Are NDIS practice standards mandatory for all registered providers?

Yes. All registered NDIS providers must comply with the practice standards relevant to their registration groups. Providers delivering higher-risk supports must meet the full certification module requirements, while providers of lower-risk supports follow the simplified verification pathway. Compliance is assessed through regular audits conducted by approved quality auditors.

What is the difference between the core module and supplementary modules?

The core module applies to all providers requiring certification and contains four universal standards covering rights, governance, support delivery, and support environment. Supplementary modules apply on top of the core to providers offering specific, higher-complexity services such as specialist behaviour support, high intensity daily personal activities, early childhood supports, specialist support coordination, or specialist disability accommodation.

How often are NDIS providers audited against the practice standards?

Registration periods are typically three years. Certification providers undergo an audit at mid-term (around 18 months) and at renewal. Verification providers are audited at renewal every three years. Providers may also be subject to unplanned audits if complaints or serious incidents trigger regulatory review by the NDIS Commission.

What happens if a provider fails the NDIS practice standards audit?

If a provider does not demonstrate compliance with the practice standards, the NDIS Commission can take a range of actions. These include issuing compliance notices requiring corrective action within a specified timeframe, imposing conditions on registration, suspending registration, or in serious cases, banning a provider from the NDIS market. Voluntary compliance support is also available for providers working to address identified gaps.

Do unregistered providers need to comply with the NDIS practice standards?

Unregistered providers are not audited against the practice standards, but they must still comply with the NDIS Code of Conduct. Participants using self-managed or plan-managed funding can choose unregistered providers. However, registration and compliance with practice standards signals a higher commitment to quality and is often a competitive advantage in the market. See our guide to registered vs unregistered NDIS providers for a full comparison.

What evidence do I need for an NDIS practice standards audit?

Evidence requirements are proportionate to your organisation’s size and the complexity of supports you deliver. Commonly required documents include: policies and procedures with version history, risk registers, incident and complaints registers, worker screening records, training and supervision records, participant support plans, service agreements, governance records such as board minutes, and business continuity plans. Each document must reflect your actual practice, not just an aspirational standard.

How will the 2026 NDIS regulatory reforms affect practice standards?

From 1 July 2026, SIL and platform providers will face mandatory registration requirements. New SIL-specific practice standards are being developed and tested through simulated audits. The NDIS Commission is also consulting on a broader reform of the practice standards framework, potentially introducing four core practice domains to replace the current modular structure. Providers should monitor the Commission’s regulatory reform roadmap and begin preparing for certification requirements now.