Ask five consultants what policies a certification provider needs and you'll get five different lists. But when you map the Core Module of the NDIS Practice Standards outcome by outcome, a consistent core set emerges, 27 policies that between them cover what every certification audit examines. Here's the full checklist, organised the way auditors think: by domain.
Governance and operational management (1 to 8)
- Corporate governance: roles, delegations, board or director oversight of quality and safeguarding.
- Risk management: organisational risk framework with a live risk register.
- Quality management and continuous improvement: how you audit yourselves and act on findings.
- Incident management: identification, response, investigation, and reportable incident notification to the Commission.
- Complaints and feedback management: accessible processes, register, and evidence of resolution.
- Conflict of interest: policy plus a maintained register covering related parties and referrals.
- Emergency and disaster management: continuity of critical supports through emergencies.
- Information management and privacy: records, consent to collect, storage, access and breach response.
Rights of participants (9 to 14)
- Rights and person-centred supports: dignity, autonomy and legal rights embedded in delivery.
- Choice and control: supported decision-making and participant direction of supports.
- Safeguarding: abuse and neglect prevention and response: recognition, response and mandatory notifications.
- Violence, exploitation and discrimination prevention: including worker conduct expectations.
- Privacy and dignity: the participant-facing counterpart to your information management policy.
- Independence and informed choice: information provision in accessible formats.
Provision of supports (15 to 21)
- Service access, entry and exit: non-discriminatory access and safe transitions.
- Service agreements: clear, fair agreements participants understand.
- Support planning: individual plans linked to participant goals and risks.
- Medication management: where relevant to your groups: administration, storage, errors, PRN protocols.
- Mealtime management: where relevant: dysphagia, texture-modified diets, mealtime plans.
- Behaviour support and restrictive practices: implementing plans, authorisation and reporting if practices are used.
- Transitions between providers and settings: handover of critical information safely.
Support environment and workforce (22 to 27)
- Human resource management: recruitment, qualifications, position descriptions and performance.
- Worker screening: NDIS Worker Screening Check tracking with a compliant register.
- Induction, training and supervision: competency records tied to the supports each worker delivers.
- Code of conduct: NDIS Code of Conduct obligations translated into your workplace.
- Work health and safety: including safety in participants' homes and community settings.
- Safe environment: infection control, equipment safety and environmental risk management for your service settings.
A policy alone convinces nobody
Auditors read policies at Stage 1, but they certify you on Stage 2 evidence. Every policy above needs its operational tail: the incident policy needs a used register and completed reports; the HR policy needs worker files that match it; the improvement policy needs internal audit records. "Document says, records show, staff describe." All three must line up. Our guide to what auditors actually check walks through how that sampling works.
Building the suite without writing 27 policies yourself
Depending on your registration groups, several of these expand into module-specific documentation, which is why Veyora structures its library as CertCore ($1,290), the certification base covering the core set, plus registration group modules that add exactly what your groups require and nothing you don't. Across the library sit 500+ tailored documents, policies, procedures, registers and forms, each one customised to your organisation, never off-the-shelf, and backed by our audit pass guarantee: pass your audit with our documentation or receive a full refund. Verification-pathway providers need a much smaller set. That's VeriPath ($469).
Check your list against the homepage scope tool, see how it works, or call 1800 701 520 and we'll tell you which of the 27 your scope actually triggers.
General information only: confirm requirements with the NDIS Commission and your auditor.