NDIS Practice Standards for New Providers: Getting Started

Starting out as an NDIS provider can feel overwhelming. There are registration forms to complete, auditors to engage, and a long list of obligations to understand. At the heart of all of it sit the NDIS practice standards new providers must meet — the benchmark that determines whether your organisation is ready to safely deliver funded supports. Many new providers do not know where to begin, which standards apply to them, or what compliance actually looks like on the ground. This guide breaks it all down. You will learn exactly which NDIS practice standards new providers need to prioritise, what steps to take first, and how to build a compliance foundation that holds up during an audit and protects the people you support.

What Are NDIS Practice Standards?

The NDIS Practice Standards are a set of quality and safety benchmarks set by the NDIS Quality and Safeguards Commission. They describe the outcomes that registered providers must achieve when delivering supports and services. Every registered provider must meet the standards that apply to their registration groups, and compliance is verified through an independent audit conducted by an approved quality auditor. Understanding the NDIS practice standards new providers are required to meet is the essential starting point for any registration journey.

Which NDIS Practice Standards New Providers Must Meet

Not every standard applies to every provider. The NDIS practice standards new providers must meet depend entirely on the registration groups they apply for. Understanding this early prevents wasted effort and keeps your new provider compliance work focused. There are two tiers of standards: the core module and a range of supplementary modules.

The Core Module

The core module applies to all registered NDIS providers without exception. It covers four broad areas: rights and responsibilities, governance and operational management, the provision of supports, and the support provision environment. If you are pursuing registration for any group at all, you must demonstrate compliance with these four areas. They form the non-negotiable floor of your NDIS registration practice standards obligations.

The High Intensity Daily Personal Activities Module

This supplementary module applies if your organisation plans to deliver complex or high-intensity personal care supports. It includes additional requirements around clinical governance, training, and supervision. Many new providers are not aware this module exists until they are well into the registration process, which can cause significant delays. Review the full NDIS practice standards guide to confirm whether this module applies to your planned services.

The Specialist Behaviour Support Module

If your organisation will implement behaviour support plans or provide specialist behaviour support, this module is mandatory. It sets strict requirements around the use of restrictive practices, consent, and the role of a behaviour support practitioner. New providers entering this space face a higher compliance burden and should plan accordingly during provider onboarding.

The Early Childhood Supports Module

Providers delivering early childhood supports under the NDIS must meet this supplementary module. It focuses on family-centred practice, developmental outcomes, and the specific needs of children aged under seven. If early childhood is not in your service scope, you can set this module aside entirely.

The Specialist Support Coordination Module

Organisations planning to deliver specialist support coordination must meet an additional module focused on conflict of interest management, complex needs assessment, and participant-centred practice. This is relevant if you are a support coordination provider seeking to expand into specialist services.

Step-by-Step Compliance Roadmap for New Providers

Following a clear sequence makes working through the NDIS practice standards new providers face far less daunting. The steps below reflect the practical order that experienced compliance consultants recommend. Work through each stage methodically and document everything as you go.

1. Confirm your registration groups. Before you can map standards, you need to know which registration groups your services fall under. Use the NDIS Commission’s registration group table to identify the correct groups for every support type you plan to offer.
2. Map the applicable standards to your groups. Once you know your groups, identify every practice standard module that applies. Create a simple matrix listing each applicable standard against your planned services. This becomes the master reference for all compliance work.
3. Conduct a gap analysis. Measure your current policies, procedures, and practices against each applicable standard. Be honest about what does not yet exist. A thorough gap analysis prevents nasty surprises at audit time and gives you a prioritised action list.
4. Develop compliant policies and procedures. Write, review, and approve policies for every standard area. Each policy must reflect your actual operations — auditors can tell when policies are generic templates that have never been used. Consult the NDIS compliance checklist to ensure nothing is missed.
5. Complete NDIS Worker Screening for all applicable workers. Every worker in a risk-assessed role must hold a valid NDIS Worker Screening Check before they can deliver services. Build a tracking system to manage expiry dates and check statuses. Review the NDIS worker screening guide for a full breakdown of obligations.
6. Deliver workforce training. All workers must receive induction training that covers the Code of Conduct, their rights and responsibilities, and role-specific standards. Keep records of who completed what training and when. The NDIS Code of Conduct guide is essential reading before designing your training program.
7. Set up your incident management system. You must have a functioning incident management system before you begin delivering services. This includes clear reporting lines, an incident register, and procedures for notifiable and reportable incidents. See the NDIS incident management guide for a complete setup framework.
8. Engage an approved quality auditor. Contact an NDIS Commission-approved quality auditor to schedule your verification or certification audit. New providers with higher-risk registration groups will need a certification audit, which involves document review, interviews, and site observation. Plan at least eight to twelve weeks for this process.

Common Mistakes New Providers Make

Understanding where other providers have stumbled helps you avoid the same traps. These mistakes are not rare — auditors see them regularly.

• Assuming all standards apply equally. New providers sometimes try to comply with every module regardless of their registration groups. This wastes time and creates unnecessary complexity. Focus only on the standards that match your services.
• Using generic policy templates without customisation. Off-the-shelf policy documents fail audits when they do not reflect your actual service environment, staffing structure, or participant cohort. Every policy must be tailored to your organisation.
• Forgetting to set up a formal governance structure. The core module requires clear governance arrangements, including board or management oversight of quality and safety. Many new providers have informal decision-making processes that do not meet this requirement.
• Delaying worker screening. NDIS Worker Screening takes time to process. If you wait until the audit is imminent, you may not have clearances in place before you need to start delivering services. Begin this process as early as possible during provider onboarding.
• Overlooking the incident management obligations. Providers often set up an incident register but forget to create the procedures, reporting timeframes, and review processes that complete the system. Familiarise yourself with the NDIS reportable incidents guide before finalising your system.
• Not linking policies to the standards they address. Auditors need to see a clear connection between your policies and the specific practice standard outcomes they satisfy. Cross-reference each policy document to the relevant standard to make audit evidence gathering straightforward.

Building Your Compliance Foundation

A strong compliance foundation is not just about passing an audit. It is about operating an organisation that consistently delivers safe, quality supports. Three pillars underpin a durable foundation: policies, training, and documentation. Each pillar reinforces the others and together they demonstrate your organisation’s commitment to quality and safety.

Policies and Procedures

Your policy suite must cover every area addressed by the applicable practice standards. At minimum, new providers need governance policies, participant rights policies, complaints and feedback procedures, and incident management procedures. Each document should state its purpose, scope, the obligations it addresses, and the process staff must follow. Review your NDIS provider registration checklist to confirm you have all required documents in place before your audit.

Workforce Training and Competency

Training records are one of the first things auditors examine. Every worker must be able to demonstrate awareness of the standards, their obligations under the Code of Conduct, and how to raise concerns or report incidents. Build a training register that captures the training topic, date completed, delivery method, and the worker’s name. Update this record every time training is refreshed or new staff are inducted.

Documentation Systems

Documentation is the evidence that your compliance is real, not just theoretical. You need systems for recording service agreements, progress notes, incident reports, and complaints. A reliable digital system makes retrieval fast and audit preparation manageable. Well-structured NDIS progress notes and accurate service agreements are foundational documents that also protect your organisation legally.

People Also Ask

How long does it take to become compliant with NDIS practice standards?

Most new providers take three to six months to achieve full compliance with the NDIS practice standards. The timeline depends on several factors. These include the complexity of supports you deliver, the number of modules that apply to your registration groups, your existing policies, and how quickly you can engage an auditor. Providers entering higher-risk registration groups generally take longer because a certification audit requires more preparation than a verification audit. Starting your gap analysis and policy development early is the best way to shorten this timeline.

What are the first steps for new NDIS providers?

The first steps for new NDIS providers are to confirm your registration groups and map the applicable practice standards. Once you know exactly which standards apply, conduct a gap analysis against your current policies and practices. Then begin drafting compliant policies and procedures while simultaneously initiating NDIS Worker Screening for your workforce. These four activities can run in parallel and collectively set the foundation for a successful audit. Do not wait until policies are finished before starting worker screening — the clearance process has its own lead time that you cannot compress.

How Inficurex Helps New NDIS Providers

Managing the NDIS practice standards new providers must meet — manually and without dedicated tools — is time-consuming and error-prone. Inficurex is built specifically to help NDIS providers stay on top of their compliance obligations without drowning in paperwork. The platform centralises your incident management, progress notes, service agreements, and worker screening records in one place. Automated reminders alert you when worker clearances are approaching expiry, and built-in document management ensures your policies are version-controlled and audit-ready at any time. Whether you are in the early stages of provider onboarding or preparing for your first audit, Inficurex gives you the structure and visibility you need. Learn more about how Inficurex NDIS software for providers can support your compliance journey from day one.

Frequently Asked Questions

Do all NDIS providers have to comply with the practice standards?

Only registered NDIS providers are required to comply with the practice standards. Unregistered providers are not subject to the standards but must still comply with the NDIS Code of Conduct. If you are pursuing registration, compliance with the applicable standards is mandatory before you can be approved.

What is the difference between a verification audit and a certification audit?

A verification audit is a desktop review of your documents and records. It applies to providers in lower-risk registration groups. A certification audit is more comprehensive and includes document review, staff interviews, and observation of your service environment. The type of audit required depends on which registration groups you are applying for. Higher-risk groups always require certification.

Can a new provider apply for registration without having policies in place?

You can lodge an application before all policies are finalised, but your audit cannot be completed until your compliance documentation is ready. Auditors will assess your policies as part of the process. Attempting to go to audit without complete documentation will result in non-conformances that delay your registration.

How often do NDIS practice standards change?

The NDIS Commission periodically updates the practice standards to reflect changes in legislation, emerging evidence, and lessons from the sector. As a registered provider, you are responsible for staying current with any changes. Subscribe to NDIS Commission updates and review your policies whenever the standards are amended.

What happens if a provider does not meet the practice standards?

If a provider fails to meet the applicable practice standards during an audit, the auditor will issue non-conformances. Minor non-conformances require a corrective action plan, while major non-conformances can delay or prevent registration. In serious cases, the NDIS Commission can take regulatory action, including suspension or cancellation of registration.

Do subcontractors and sole traders need to meet the practice standards?

If a registered provider subcontracts service delivery, the registered provider remains responsible for ensuring the subcontractor meets the relevant practice standards. Sole traders registered under their own NDIS registration practice standards obligations must also meet the standards applicable to their own registration groups, just like any other registered provider. New provider compliance obligations apply equally to individual practitioners and large organisations.

Is there a practice standard specifically about participant rights?

Yes. The core module includes a rights and responsibilities outcome that requires providers to respect and uphold the rights of every participant. This encompasses dignity, autonomy, informed consent, privacy, and the right to make complaints without fear of reprisal. This is one of the most closely scrutinised areas during audits.

How should new providers manage compliance if they are growing quickly?

Fast-growing providers face heightened compliance risk because their workforce and service scope expand faster than their systems can keep up. The most effective approach is to invest in scalable digital systems early. Establish solid new provider compliance habits from the outset — tracking worker screening, training, incidents, and document version control from your first day of operation prevents costly retrofitting of compliance infrastructure later.

For more detail on building your compliance system, explore the NDIS provider standards overview and refer back to the Inficurex NDIS practice standards guide as your compliance work progresses.