Every registered NDIS provider is assessed against the NDIS Practice Standards. They read like legislation, but the structure underneath is simple: a core module everyone on the certification pathway meets, supplementary modules that switch on for specific registration groups, and quality indicators auditors use to test each standard.
The core module: four divisions
1. Rights of participants and provider governance
Person-centred supports, privacy and dignity, independence and informed choice, freedom from violence, abuse, neglect, exploitation and discrimination, plus the governance backbone: how your organisation is run, how risk is managed, how quality improves, and how incidents and complaints are handled.
2. Provision of supports
How participants access your service, how supports are planned and delivered, service agreements, responsive provision, and transitions to or from your service.
3. The support environment
Safe environments, participant money and property, management of waste, medication management and mealtime management, the practical safety of how and where supports happen.
4. Governance and operational management
Your management systems in depth: quality management, information management, human resources, continuity of supports and emergency planning.
Our CertCore package documents all four divisions, 33 policies plus every register, form and template, mapped standard-by-standard.
Supplementary modules
Specific registration groups trigger additional modules: high intensity daily personal activities (with skills descriptors for supports like PEG feeding and tracheostomy care), specialist behaviour support and implementing behaviour support plans, early childhood supports, support coordination conflict-of-interest requirements, and specialist disability accommodation. Each has its own Veyora module that slots into CertCore.
Quality indicators: how auditors actually mark you
Each standard comes with quality indicators, the specific evidence an auditor looks for. This is why generic policy templates fail audits: the auditor isn't checking whether you have a policy called “Incident Management”, they're checking whether your system demonstrably identifies, records, responds to and learns from incidents. Documentation must be written against the indicators, then backed by real records.
Verification providers
Lower-risk providers meet a smaller verification module instead, four requirement areas covered end-to-end by VeriPath.
Not sure which modules apply to you? Send us your registration groups. We'll map them for you, no charge.
This article is general information, not legal or professional advice. Refer to the NDIS Commission for the current Practice Standards.