Evidence Requirements for NDIS Practice Standards Compliance

When an approved quality auditor walks into your organisation, they are looking for one thing above all else: NDIS practice standards evidence. Not good intentions. Not verbal assurances. Not promises about what you plan to do. Auditors need documented, verifiable proof that your systems are live, your policies are implemented, and your participants are receiving safe, high-quality supports. Yet evidence requirements are one of the least understood aspects of NDIS compliance — and gaps in documentation are the most common cause of audit non-conformities. This deep-dive guide explains exactly what evidence auditors require, how to organise it, and how to stay audit-ready all year round in 2025 and beyond.

What Is NDIS Practice Standards Evidence?

NDIS practice standards evidence is any documented, observable, or verifiable proof that demonstrates your organisation meets the requirements of the NDIS Practice Standards and their associated quality indicators. Evidence can take many forms — written policies, completed forms, training records, participant files, meeting minutes, and data reports — but it must be proportionate to the size and complexity of your organisation.

The NDIS Quality and Safeguards Commission requires that auditors collect four specific types of evidence during an audit:

Information directly from participants — interviews and feedback on their experience of your services.
Information from family members, carers, nominees, and independent advocates — with participant consent.
The documented support plan and evidence of its delivery — showing that planned supports are actually being delivered.
All supports delivered to the participant — a comprehensive record of every service provided.

This framework means evidence is not just about having the right policies. Auditors assess whether your policies translate into real-world practice — and whether participants are experiencing the outcomes those policies are designed to deliver. See our NDIS practice standards guide for context on each standard’s requirements.

NDIS Audit Evidence: Verification vs Certification Pathways

The level and type of NDIS audit evidence required depends on whether you are on the verification or certification pathway. Understanding this distinction is critical before you start organising your documentation.

Verification Pathway Evidence Requirements

The verification pathway applies to providers delivering lower-risk, lower-complexity supports — often allied health professionals regulated by external bodies such as AHPRA. The verification audit is a desktop review only. No site visit occurs. Auditors review documentation submitted electronically.

Required evidence for the verification module includes:

Human Resource Management — Worker screening checks (NDIS Worker Screening Check), proof of identity, professional qualifications and registrations, experience records, ongoing professional development documentation, and completion of the NDIS mandatory worker orientation module.
Incident Management — A current incident management policy, an incident register recording all incidents and their resolutions, and evidence that incidents have been reported to the NDIS Commission where required.
Complaints Management — A complaints handling policy and procedure, a complaints register showing complaints received and how they were resolved, and evidence of participant awareness of the complaints process.
Insurance — Current certificates of professional indemnity and public liability insurance.
Risk Management — A documented risk management system proportionate to the scale of your operations.

For the verification pathway, auditors are looking for evidence that your systems exist and are being applied. The evidence threshold is lower than certification, but documentation gaps still result in non-conformities.

Certification Pathway Evidence Requirements

Certification applies to providers delivering higher-risk, more complex supports — including personal care, community participation, specialist disability accommodation, and behaviour support. The certification audit has two stages:

Stage 1 (Desktop audit) — Auditors review all your policies, procedures, and documented systems. They assess whether your documentation meets each relevant Practice Standards quality indicator.
Stage 2 (Site visit) — Auditors observe your operations in practice, interview participants and workers, and review participant files to verify that your documented systems are actually implemented.

This two-stage process means certification providers need two layers of evidence: documented systems that look right on paper, AND real-world operational evidence showing those systems are working. This distinction is where many providers stumble — having excellent policies but poor implementation evidence. Our NDIS compliance checklist helps you address both layers systematically.

Practice Standards Documentation: Core Module Evidence Guide

Below is a systematic breakdown of the practice standards documentation required for each section of the core module. This is what certification auditors will look for during both Stage 1 and Stage 2.

1. Rights and Responsibilities — Required Evidence

This section requires proof that your organisation actively protects participant rights in practice, not just in policy statements. Key evidence includes:

A statement of participant rights in accessible formats (including Easy English versions)
Participant information packs provided at intake showing rights and responsibilities
Signed consent forms for information collection and use
Service agreements that clearly explain participant rights
Staff Code of Conduct agreements signed by all workers
Training records confirming all workers completed the NDIS mandatory worker orientation module
Position descriptions that include rights promotion responsibilities
Evidence that participants have been informed about and can access the complaints process
Records showing how participants are involved in decision-making about their supports

A common audit finding is the absence of accessible-format rights information. If you support participants with communication needs, your rights information must be provided in formats they can actually understand and use.

2. Provider Governance and Operational Management — Required Evidence

Governance evidence demonstrates that your organisation has robust management systems operating effectively. Auditors want to see:

Governance structure — Board constitution (for organisations), board meeting minutes, an operational plan showing how your organisation manages its obligations, and a compliance register tracking regulatory requirements.
Risk management — A documented risk register covering participant safety, worker safety, financial risks, operational continuity, and compliance risks. The risk register must be current and show regular review. Providers must identify, analyse, prioritise, and treat risks across the entire organisation.
Quality management — A documented internal audit schedule and records of completed internal audits. The NDIS Commission requires a program of internal audits relevant to the size and complexity of your operations. Review findings and corrective actions must be documented.
Information management — A privacy policy and procedure, records management system, staff training on privacy, and evidence that participant information is stored securely and accessed only by authorised personnel.
Feedback and complaints — A complaints policy and procedure, a complaints register with records of all complaints received, investigation outcomes, and resolutions. Evidence of how complaints data informs continuous improvement.
Incident management — An incident management policy and procedure, an incident register, evidence of incident investigations, corrective actions implemented, and staff training records on incident reporting. For guidance on this area, see our NDIS incident management guide and reportable incidents guide.
Human resource management — Staff files for all workers including NDIS Worker Screening Check documentation, identity verification, qualifications, training records, supervision records, and performance reviews. See our NDIS worker screening guide for detailed screening requirements.
Emergency and disaster management — An emergency and disaster management plan tailored to your operations and participant needs. This became a mandatory standard in January 2022. Plans must be participant-specific and regularly tested.

3. Provision of Supports — Required Evidence

Support delivery evidence must show that participants are actively involved in planning their supports and that services are delivered responsively and safely:

Access to supports — Documentation of how participants are assessed for support access, including any entry criteria and associated costs, clearly communicated at intake.
Support planning — Current support plans for each participant, developed collaboratively with participants. Plans must include risk assessments, participant goals, support strategies, and regular review dates. Evidence that participants have signed off on their support plans.
Service agreements — A current, signed service agreement for every participant. Agreements must clearly outline the supports to be provided, the associated costs, the provider’s and participant’s rights and responsibilities, and the complaints and cancellation processes. Use our NDIS service agreement template to ensure completeness.
Responsive support provision — Progress notes demonstrating that supports were delivered as agreed, that workers responded to participant needs, and that services were adjusted when circumstances changed. Our NDIS progress notes guide explains what good progress notes look like.
Transitions — Documented transition plans for participants entering or leaving your services, showing coordination with other providers and minimisation of disruption.

4. Provision of Supports Environment — Required Evidence

Environmental evidence demonstrates that the settings in which you deliver supports are safe and appropriate:

Safety inspection records for all support environments
Participant money and property management records (receipts, registers, banking records)
Medication administration records and medication management protocols
Mealtime management plans and dysphagia protocols where relevant
Waste management procedures

Compliance Evidence Requirements: What Auditors Actually Assess

Experienced auditors look beyond the existence of documents. During Stage 2 certification audits, they apply a key test: do the documented systems match operational reality? Here is what this means in practice:

The Proportionality Principle

A critical aspect of compliance evidence requirements is proportionality. The NDIS Commission explicitly states that evidence must be proportionate to the size and scale of the provider and the complexity of supports provided. A sole trader supporting three participants is not expected to produce the same volume of governance documentation as a large national provider. However, every registered provider — regardless of size — must demonstrate that their systems are working effectively for their specific context.

This means small providers should not try to replicate large-organisation documentation systems. Instead, they should ensure their evidence clearly demonstrates their systems are fit for purpose at their scale.

How Auditors Rate Evidence

Each Practice Standard quality indicator receives a rating during the audit:

Rating 3 — Best Practice Conformity: Evidence demonstrates practices exceed requirements and contribute to continuous improvement.
Rating 2 — Conformity: Evidence fully meets all requirements of the quality indicator.
Rating 1 — Minor Non-Conformity: Evidence shows partial compliance. A corrective action plan is required, typically resolved before the next audit cycle.
Rating 0 — Major Non-Conformity: Evidence demonstrates systemic failure or significant gaps. Must be resolved before registration can be granted or renewed.

Common Evidence Gaps That Cause Non-Conformities

These are the most frequently identified evidence gaps in NDIS audits:

Unsigned or outdated service agreements — Many providers have service agreement templates but fail to ensure every participant has a current, signed agreement on file.
Missing or incomplete progress notes — Progress notes that do not link to participant goals or do not demonstrate responsive support adjustment are a common weakness.
Generic policies not tailored to the organisation — Purchased template policies that have not been customised to reflect actual operations will trigger non-conformities. Auditors can identify generic documents.
No risk register or outdated risk register — The risk register must be a living document. A risk register completed at registration and never updated since will fail the audit.
Incomplete worker files — Missing NDIS Worker Screening Check documentation, expired qualifications, or no record of mandatory training completion are very common findings.
No internal audit program — The Practice Standards require a documented program of internal audits. Many providers conduct informal reviews but do not document them — resulting in no audit trail.
Insufficient participant involvement evidence — Auditors look for evidence that participants are genuinely involved in their support planning, not just signing forms they were not consulted on.

Building an Audit-Ready Evidence System

The most effective approach to Practice Standards evidence management is building systems that generate compliance evidence as a natural by-product of good operational practice — not as a separate documentation task done before audits.

Step 1: Map Your Practice Standards to Evidence Types

Start by listing every quality indicator relevant to your registration groups. For each indicator, identify exactly what evidence your organisation would need to demonstrate compliance. This mapping exercise becomes your evidence checklist — and your ongoing audit preparation tool.

Step 2: Implement Systems That Capture Evidence Automatically

Use NDIS provider software to automate evidence capture wherever possible. Purpose-built NDIS platforms generate progress notes, incident reports, complaints records, and billing documentation in a structured format that is automatically audit-ready. This dramatically reduces the administrative burden of evidence management.

Step 3: Establish a Policy Review Calendar

All policies and procedures must be reviewed at least annually. Set calendar reminders for every policy review date and document each review with the date, reviewer, changes made, and board or management approval. Outdated policies — particularly those that do not reflect changes to the NDIS Act or Commission guidance — are a significant source of non-conformities.

Step 4: Conduct Quarterly Internal Audits

Schedule and document internal audits at least quarterly. Each internal audit should review a sample of participant files, check staff records for compliance, verify that incident and complaints registers are current, and assess policy implementation in practice. Document the findings, corrective actions, and follow-up outcomes for each internal audit.

Step 5: Maintain a Continuous Compliance Folder

Designate a specific location — digital or physical — where all audit-critical documents are stored and maintained. This compliance folder should be accessible to auditors immediately upon request. Include all current policies, insurance certificates, worker screening records, training logs, and a summary index of where each piece of evidence is located.

Step 6: Prepare Participants and Workers for Stage 2 Interviews

For certification providers, Stage 2 audit interviews are a critical evidence source. Prepare your participants by explaining the audit process in accessible language and assuring them their feedback is valued. Brief workers on the audit scope and ensure they understand the systems they are expected to demonstrate. Worker interviews that reveal unfamiliarity with documented policies are a red flag for auditors.

2025 Evidence Requirements: What Has Changed

Several regulatory changes in 2024 and 2025 have introduced new evidence requirements that providers must address:

Evidence-based supports documentation — The October 2024 guideline updates require providers to demonstrate that therapeutic supports are evidence-based. Allied health providers must maintain clinical protocols aligned with validated, evidence-backed practices and document how services are assessed for evidence quality.
Outcome measurement — Providers are increasingly expected to demonstrate measurable outcomes from the supports they deliver. Progress notes and support plans should show how supports are tracking against participant goals.
Enhanced data security standards — Audits now include scrutiny of how participant data is stored, managed, and protected. Digital systems must meet appropriate data security standards.
New SIL Practice Standards (in development) — Upcoming Practice Standards for Supported Independent Living providers will introduce new evidence requirements around participant safety, human rights, and worker training specific to SIL environments.

Staying current with these changes is essential. Visit the NDIS website and the NDIS Commission regularly for updates to standards and guidelines.

Evidence Requirements for Specialist Modules

Providers delivering specialist supports must meet additional evidence requirements for their relevant supplementary modules. Here is a summary of the key additional evidence for the most common specialist modules:

Specialist Behaviour Support Evidence

Functional behaviour assessments for each participant receiving behaviour support
Behaviour Support Plans developed and reviewed by qualified practitioners
Restrictive practice authorisations from the relevant state or territory body
Records of all uses of regulated restrictive practices, reported to the NDIS Commission
Evidence of monitoring and review of behaviour support plan effectiveness

High Intensity Daily Personal Activities Evidence

Competency records for each worker delivering high-intensity supports (e.g., complex bowel care, tracheostomy management)
Clinical protocols developed by qualified health professionals
Individual health plans for each participant receiving high-intensity supports
Regular clinical review documentation

Specialist Support Coordination Evidence

Evidence of conflict of interest management processes
Records of how support coordination services have navigated complex service systems for participants
Documentation of how NDIS funds have been managed on behalf of participants

For support coordination providers, also review our NDIS support coordination best practices guide and NDIS plan management guide.

How Inficurex Supports Evidence-Ready Compliance

Building and maintaining an evidence-ready compliance system does not have to be a manual, time-consuming process. Inficurex provides NDIS providers with the tools, templates, and software systems needed to capture, organise, and maintain Practice Standards evidence automatically. Our NDIS software for providers integrates progress notes, incident management, billing, and staff records into a single platform that generates audit-ready documentation as part of everyday operations. Combined with our NDIS compliance checklist and guidance resources, providers can approach every audit cycle with confidence — knowing their evidence is complete, current, and proportionate to their operations.

Frequently Asked Questions

What evidence do NDIS auditors collect during an audit?

NDIS auditors collect four types of evidence: direct information from participants, information from family members and carers (with consent), the participant’s documented support plan and evidence of delivery, and records of all supports delivered. Auditors also review policies, procedures, staff records, and incident and complaints registers.

What is the difference between verification and certification audit evidence requirements?

Verification audits are desktop reviews requiring evidence of HR management, incident management, complaints management, insurance, and risk management. Certification audits have two stages — a desktop policy review plus a site visit where auditors interview participants and workers and review participant files to verify systems are implemented in practice.

How much evidence do small NDIS providers need to provide?

Evidence must be proportionate to the size and scale of the provider and the complexity of supports. Small providers are not expected to produce the same volume of governance documentation as large organisations, but they must still demonstrate that their systems are working effectively for their specific context.

What are the most common evidence gaps found in NDIS audits?

The most common gaps include unsigned or outdated service agreements, incomplete progress notes, generic policies not tailored to the organisation, outdated risk registers, incomplete worker files (missing screening checks or training records), no internal audit program, and insufficient evidence of participant involvement in support planning.

How often should NDIS providers review their policies and procedures?

All policies and procedures should be reviewed at least annually. Reviews must be documented with the date, changes made, and management approval. Policies must reflect current NDIS Commission rules and guidelines — including recent updates such as the October 2024 evidence-based supports requirements.

Do NDIS practice standards require progress notes as evidence?

Yes. Progress notes are a key piece of evidence for the Provision of Supports standard. They must demonstrate that supports were delivered as agreed, that workers responded to participant needs, and that services were adjusted appropriately. Vague, inconsistent, or absent progress notes will result in non-conformities.

What evidence is required for the Emergency and Disaster Management standard?

Providers must have a documented emergency and disaster management plan tailored to their operations and participant needs. Plans must be participant-specific, regularly reviewed, and tested. This standard became mandatory in January 2022 and is assessed at every certification audit.

How should providers prepare for a Stage 2 certification audit site visit?

Providers should ensure all participant files are complete and current, brief workers on audit processes and the systems they are expected to demonstrate, prepare participants by explaining the audit in accessible language, conduct a mock internal audit beforehand to identify and resolve gaps, and have a designated person available to guide auditors throughout the visit.