
The Practice Standards and the audit process

The standards that set quality and safety expectations for registered providers, and how audits against them work.

Last updated · 25 June 2026


Key facts

  • The NDIS Practice Standards set the quality and safety expectations that registered providers must meet.
  • Standards are organised into a core module and supplementary modules that apply based on the supports you are registered to deliver.
  • Audits against the standards are conducted by approved quality auditors, not by the NDIS Commission directly.

What the Practice Standards are

The NDIS Practice Standards are a framework of quality and safety requirements that all registered NDIS providers must meet. They are made under the NDIS (Provider Registration and Practice Standards) Rules and cover the systems, processes, and outcomes that providers must have in place to safely and competently deliver supports to participants. The standards address governance, risk management, incident management, complaints handling, worker qualifications, and the quality of support delivery itself.

The Practice Standards exist alongside the NDIS Code of Conduct: the Code sets individual behaviour expectations, while the Practice Standards address what an organisation must have in place as a whole. Both apply to registered providers.

Core and supplementary modules

The Practice Standards are divided into a core module that applies to all registered providers, and supplementary modules that apply depending on the registration groups held. The core module covers the foundations of safe support delivery: rights and responsibilities, governance and operational management, the provision of supports, and support planning.

Supplementary modules set additional requirements for more complex or higher-risk support types. Examples include modules for specialist support coordination, specialist behaviour support, implementing behaviour support plans, and high-intensity daily personal activities. If your organisation is registered to deliver any of these supports, the corresponding supplementary module is added to your audit scope.

Good to know

The registration groups you apply for determine which supplementary modules apply to your organisation. Review the Commission’s published mapping of registration groups to Practice Standards modules before finalising your application.

Verification vs certification audits

The type of audit you undergo depends on the registration groups you hold and the complexity of the supports you deliver. Verification audits are conducted by reviewing documentary evidence, such as your policies, procedures, and a sample of records. They are typically applied to providers delivering lower-risk supports. The auditor assesses whether your documentation demonstrates compliance with the applicable standards but does not generally conduct on-site inspections or interviews.

Certification audits are more comprehensive. They involve site visits to your premises, interviews with managers, staff, and participants, and a review of your actual practices against the standards rather than documentation alone. Certification is required for providers delivering higher-risk supports, including those involving personal care, specialist supports, or behaviour support. The auditor produces a detailed report with findings and any non-conformities identified.

Preparing for audit

Preparation for a Practice Standards audit is best approached by working through each applicable standard and gathering evidence that your organisation meets it. This typically includes reviewing your policies and procedures to confirm they reflect current requirements, checking that staff records (qualifications, training, worker screening) are complete, and ensuring your incident management and complaints systems have been operating as required.

Auditors will look for evidence of practice, not just documented intent. This means keeping accurate records of support delivery, incidents, and complaints as a matter of course rather than assembling them only when an audit approaches. Many providers find a gap analysis against the relevant standards a useful starting point, identifying areas where evidence may be thin or processes need strengthening before the auditor arrives.

Non-conformities

Where an auditor identifies that an aspect of your practice does not meet a standard, they will record a non-conformity in their report. Non-conformities can be minor (a gap that does not immediately affect participant safety) or major (a significant failure that does). The Commission uses the audit report, including any non-conformities, to determine whether to grant or renew registration.

A non-conformity does not automatically result in a failed registration, but it does require a response. You will typically need to submit a corrective action plan describing how you will address the gap, and the auditor or Commission may require evidence that the issue has been resolved. Addressing non-conformities promptly and demonstrating that your systems have been strengthened is important for maintaining or renewing registration. Providers who repeatedly fail to address non-conformities risk conditions being placed on their registration or, in serious cases, suspension or cancellation.