The NDIS Practice Standards: a provider's preparation checklist
Registration is really an assessment against the NDIS Practice Standards — so knowing which modules apply to you, and what auditors actually look for, is most of the preparation. Here's the structure, and a checklist to get audit-ready.
The NDIS Practice Standards set the quality standards a registered provider must meet. They're made under the NDIS (Provider Registration and Practice Standards) Rules 2018, and they're what your quality audit assesses you against. Each standard has an outcome (participant-focused) and quality indicators the auditor uses to judge compliance. The first thing to work out is which modules apply to you.
The three module types — which set applies to you
The Standards are organised into modules, and your registration groups decide which you're assessed against:
- The Core module — applies to all providers delivering higher-risk supports (the certification path, which includes SIL).
- Supplementary modules — added on top of Core depending on what you deliver (see below).
- The Verification module — applies instead of Core for providers delivering only lower-risk supports (the verification path — many allied-health practices).
So a SIL provider is assessed against Core + the SIL supplementary module; a sole-practitioner physio is typically assessed against the Verification module only.
The Core module — four areas
If you're on the certification path, the Core module is the bulk of your audit. It covers four areas:
- Rights and responsibilities — person-centred supports, individual values and beliefs, privacy and dignity, independence and informed choice, violence/abuse/neglect/exploitation prevention.
- Provider governance and operational management — governance, risk management, quality management, information management, feedback and complaints, incident management, human resource management, continuity of supports.
- Provision of supports — access, support planning, service agreements, responsive delivery, transitions.
- Provision of supports environment — safe environment, participant money and property, and management of medication, waste and hazards.
Supplementary modules — the extras for what you deliver
On top of Core, you're assessed against a supplementary module for each higher-risk support type you're registering for. The modules are:
- Supported independent living (SIL) — the module SIL providers must meet, in addition to Core. It has its own standards and quality indicators.
- High intensity daily personal activities; specialist behaviour support; implementing behaviour support plans; early childhood supports; specialist support coordination; specialist disability accommodation.
If you deliver more than one, expect more indicators and a larger audit — which is one of the things that drives audit cost.
The Verification module — for lower-risk providers
If your supports are lower-risk (many single-discipline allied-health and equipment providers), you're assessed against the Verification module instead of Core. It's narrower, covering four areas:
- human resource management
- risk management
- complaints management and resolution
- incident management.
Verification is a desktop review of documentary evidence rather than an onsite audit — see certification vs verification for how the two audits differ.
A practical preparation checklist
Audits test whether your systems work in practice, not whether a policy exists. Before you engage an auditor, work through this:
- ☐ Confirm your registration groups, so you know exactly which modules and indicators apply.
- ☐ Download the Practice Standards and Quality Indicators and map each indicator to a policy, procedure or record you can show.
- ☐ Make sure your worker screening clearances are current for key personnel and risk-assessed workers.
- ☐ Have a working incident management system — and a real example you can trace end to end (report → review → action → notification).
- ☐ Have a complaints process participants know how to use, with records.
- ☐ Keep staff files audit-ready: screening, qualifications, induction, supervision, training.
- ☐ Hold risk registers, governance minutes and continuous-improvement records — evidence of implementation, not just intent.
- ☐ For SIL and behaviour-support providers, check the supplementary-module indicators (e.g. restrictive-practice authorisation, participant money handling) specifically.
The gap that fails most first audits isn't a missing policy — it's a policy the organisation can't demonstrate it actually follows. Build the evidence trail before the auditor asks for it.
How to verify this information
Use the Commission's own Standards as the authority — they are periodically amended:
- NDIS Practice Standards (online + downloadable PDF of Standards and Quality Indicators), including the SIL supplementary module.
- The quality audit process for how the Standards are assessed.
ProviderScout is an independent directory, not affiliated with the NDIA or NDIS Commission.
Frequently asked questions
What are the NDIS Practice Standards?
They're the quality standards a registered NDIS provider must meet, made under the NDIS (Provider Registration and Practice Standards) Rules 2018. They're organised into a Core module (higher-risk providers), supplementary modules (by support type, including SIL), and a Verification module (lower-risk providers). Each standard has a participant-focused outcome and quality indicators that auditors use to assess compliance.
Which Practice Standards modules apply to a SIL provider?
A SIL provider delivers a higher-risk support, so it's assessed against the Core module plus the Supported Independent Living supplementary module. Additional supplementary modules apply if you also deliver other higher-risk supports such as high-intensity daily personal activities or specialist behaviour support.
What does the Core module cover?
Four areas: rights and responsibilities; provider governance and operational management; provision of supports; and the provision-of-supports environment. Between them they cover person-centred practice, governance and risk, incident and complaints management, human resources, service delivery, and safe environments.
What's the difference between the Core and Verification modules?
The Core module applies to higher-risk providers (the certification-audit path) and is broad. The Verification module applies instead to lower-risk providers and is narrower — human resource management, risk management, complaints management, and incident management — assessed by a desktop document review rather than an onsite audit.
How do I prepare for a Practice Standards audit?
Map every quality indicator that applies to your registration groups to a policy, procedure or record you can produce; ensure worker-screening clearances are current; and — most importantly — build an evidence trail that shows your systems work in practice (traceable incidents, complaints records, staff files, governance minutes). Auditors test implementation, not just whether a policy document exists.