Which NDIS Practice Standards modules apply to high intensity supports providers?

High intensity supports providers must comply with the Core Module of the NDIS Practice Standards as well as the High Intensity Daily Personal Activities supplementary module. Providers registered for behaviour support must also comply with the Behaviour Support supplementary module. Auditors assess evidence against the quality indicators in all applicable modules.

What type of audit do high intensity supports providers undergo — certification or verification?

High intensity supports registration requires a certification audit, not a verification audit. Certification audits are more comprehensive, involving document review, staff interviews, participant interviews, and site visits for larger providers. Verification audits are used for lower-risk support types and involve only document review.

How current do worker competency records need to be for a high intensity supports audit?

Competency evidence must be current and task-specific. Providers should check the currency requirements of the relevant credentialling body for each high intensity task type (for example, some clinical credentials require annual renewal). Workers with lapsed competency must not deliver the relevant support until competency is re-established and documented.

What must a provider do if they identify a compliance gap during their own pre-audit review?

Providers should document the gap, assign a responsible person, set a remediation deadline, and treat it as a corrective action item. Evidence of the gap identification and the steps taken to resolve it can actually demonstrate a functional quality management system to auditors — provided the gap is genuinely closed before or during the audit window.

Are there specific notification timeframes for reportable incidents involving high intensity supports participants?

Yes. The NDIS (Incident Management and Reportable Incidents) Rules require registered providers to notify the NDIS Commission of reportable incidents within specified timeframes — initial notification is required within 24 hours for the most serious incidents (such as death or serious injury). Providers should consult the NDIS Commission's incident management guidance for the full classification and timeframe table.

What happens if a provider is found to be implementing a restrictive practice without proper authorisation at audit?

Implementing an unauthorised restrictive practice is a serious non-conformance under the NDIS Practice Standards and may also constitute a breach of state or territory legislation. The NDIS Commission may impose conditions on registration, require an immediate corrective action plan, or in serious cases refer the matter for compliance action. Providers should cease any unauthorised restrictive practice immediately and obtain the required authorisation and behaviour support plan before resuming.

NDIS high intensity supports provider: audit preparation (2026)

Why 2026 is a critical year for high intensity supports audits

The NDIS Commission's strengthened regulatory framework, progressively embedded since the 2021 Practice Standards updates and reinforced through the 2023 Independent Review recommendations, places high intensity supports providers under heightened audit scrutiny heading into 2026. Mandatory registration now applies to a broader range of support types, and approved quality auditors are operating against clearer non-conformance criteria. Providers who have not revisited their evidence files since their last audit cycle are at significant risk of major non-conformances — particularly around worker competency and restrictive-practice authorisation.

This guide covers exactly what auditors check, where providers typically fall short, and the practical steps to get your organisation audit-ready.

What counts as a high intensity support?

Under the NDIS Practice Standards, high intensity daily personal activities are supports that involve a level of risk requiring additional worker competency. They include complex bowel care, enteral feeding, tracheostomy management, urinary catheter management, ventilator management, subcutaneous injections, and similar clinical or quasi-clinical tasks. Providers registered to deliver these supports must demonstrate compliance with the High Intensity Daily Personal Activities module of the NDIS Practice Standards in addition to the core module.

What an approved quality auditor actually checks

Audits for high intensity supports registration are certification audits (not verification audits). Auditors conduct document review, staff interviews, participant interviews, and — for larger providers — site visits. The following table summarises the primary evidence domains and what auditors look for in each.

Evidence domain	What auditors examine	Common non-conformance
Worker competency	Certificates, training records, supervision logs, scope-of-practice documentation for each high intensity task performed	Workers delivering supports they are not documented as competent in; expired certificates not flagged
Risk management	Individual participant risk assessments, health support plans, emergency response protocols	Generic risk templates not tailored to the individual; no evidence of review after an incident
Incident management	Incident register, NDIS Commission notifications (reportable incidents within required timeframes), corrective action evidence	Late notifications; incidents logged but no documented corrective action or root-cause analysis
Restrictive practices	Authorisation documentation under relevant state/territory law, behaviour support plans by a registered practitioner, monthly reporting to the NDIS Commission	Practices implemented without proper state/territory authorisation; behaviour support plan not in place or out of date
Governance and leadership	Board/management accountability structures, quality management system, policy review cycle	Policies present but no evidence of staff training or policy review dates
Feedback and complaints	Complaints register, resolution records, participant access to complaints process	Register exists but no evidence complaints were resolved or escalated appropriately
Participant rights	Consent documentation, decision-making support, service agreements	Consent obtained once at intake with no re-consent after significant changes to supports

Step-by-step audit preparation process

Map your registered supports to the relevant Practice Standards modules. Confirm which high intensity tasks your registration covers and pull the exact quality indicators from the NDIS Practice Standards. Every quality indicator needs traceable evidence.
Audit worker competency records. For each worker who delivers high intensity supports, confirm you hold: a current competency certificate or equivalent credential for the specific task, a record of site-specific orientation or supervision sign-off, and a schedule for competency review. Gaps here are the single most common major non-conformance.
Review every participant's health support plan and risk assessment. Plans must be current (reviewed at least annually or after any significant change), individualised, and signed off by an appropriate health professional where the task requires clinical oversight. Check that the plan is accessible to the worker at the point of care.
Audit your incident register for notification compliance. Every reportable incident must be notified to the NDIS Commission within the required timeframes. Export your register for the past 12 months and cross-check notification dates against incident dates. Document corrective actions taken for every incident.
Verify restrictive practice compliance. For any participant subject to a restrictive practice: confirm state/territory authorisation is current, the behaviour support plan is in place and written by a registered NDIS behaviour support practitioner, and monthly reporting to the Commission has been completed without gaps.
Conduct a mock internal audit. Use the NDIS Practice Standards quality indicators as your audit instrument. Assign staff to gather evidence for each indicator. Where evidence cannot be produced within 48 hours, treat it as a gap that needs remediation before your actual audit.
Prepare your document management system. Auditors will request documents during the audit window. Organise evidence into clearly labelled folders by Standards module. Ensure version control — policies must show current review dates and approval signatures.
Brief participant representatives. Auditors will speak with participants or their supporters. Prepare participants by explaining the process in plain language. Do not script or coach responses — auditors assess whether participants are genuinely informed and feel safe.
Close out any NDIS Commission compliance correspondence. If you have received a compliance notice or letter of concern since your last audit, ensure corrective actions are fully implemented and documented prior to the audit date.

The five non-conformances auditors find most often

1. Competency records that don't match the support delivered

Providers hold generic manual-handling certificates but cannot demonstrate worker competency for the specific clinical task — for example, tracheostomy suctioning versus general airway management. Each high intensity task requires task-specific evidence of competency.

2. Health support plans that are out of date or generic

A plan drafted 18 months ago and never reviewed, or a template with minimal individualisation, will not meet the standard. Auditors look for evidence the plan reflects the participant's current health status and is updated following any change in condition or after an incident.

3. Incident notifications filed late or not at all

The NDIS Commission requires reportable incidents — including the death of a participant, serious injury, or abuse or neglect — to be notified within specific timeframes. Providers often discover, during audit preparation, that staff recorded incidents in an internal register but did not lodge notifications with the Commission.

4. Restrictive practices implemented without proper authorisation

This is a critical non-conformance. Regulated restrictive practices require authorisation under the relevant state or territory legislation before they are implemented, not retrospectively. Providers must also hold a current behaviour support plan from a registered practitioner. Auditors will examine whether the practice type, authorisation, and plan all align.

5. Policies that exist on paper but show no evidence of implementation

Having a policy is not sufficient. Auditors will ask staff what the policy requires, check training records that show staff have read and understood it, and look for evidence the policy has been applied in practice. A policy with a review date of three years ago and no training records is a reliable non-conformance.

A practical evidence checklist for high intensity supports providers

NDIS registration certificate confirming high intensity supports registration group
Current worker competency records for every high intensity task type delivered
Health support plans for all participants receiving high intensity supports — signed, dated, and reviewed within the required period
Incident register with NDIS Commission notification confirmation for all reportable incidents
Restrictive practice authorisation documents — state/territory approvals, behaviour support plans, monthly reports
Quality management policy suite — incident management, complaints, risk management, governance — all with current review dates and approval signatures
Staff training register cross-referenced to high intensity supports policies
Complaints register with resolution evidence
Service agreements and participant consent records
Evidence of participant feedback mechanisms (surveys, reviews, meeting notes)

Using a structured compliance kit to close gaps faster

Many providers find that the volume of documentation required across the NDIS Practice Standards modules is the biggest barrier to audit readiness. If your organisation is starting from scratch or has significant gaps, ndiscompliant.com.au offers a 74-document audit-ready SIL compliance kit that covers policies, procedures, registers, and templates aligned to the current Practice Standards — which can significantly reduce the time needed to build compliant documentation systems before your audit window opens.

After the audit: what happens next

Where an auditor identifies a non-conformance, your organisation will have an opportunity to respond with a corrective action plan. Minor non-conformances typically allow a period for remediation. Major non-conformances — particularly those relating to restrictive practices, incident notification, or worker competency — can result in conditions on your registration or referral to the NDIS Commission's compliance and enforcement team. Addressing non-conformances promptly and with thorough documentation is essential to protecting your registration status.

Audit preparation is not a one-time exercise. Building a continuous quality improvement cycle — regular internal audits, policy review schedules, ongoing competency monitoring — is the most reliable way to remain audit-ready across the full registration period.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.