What the Core Module is — and why it applies to you
The NDIS Practice Standards are the quality and safety benchmarks that registered providers are measured against. The NDIS Quality and Safeguards Commission publishes them, and they are the yardstick an approved quality auditor uses when they assess you. The Standards are split into a Core Module, which applies broadly to higher-risk providers, and a set of supplementary modules for particular kinds of support — such as high intensity daily personal activities, or specialist behaviour support.
Supported Independent Living is a higher-risk support. That means a SIL provider is registered through a certification audit — the more thorough of the two audit pathways — and is assessed against the full Core Module, plus whichever supplementary modules match the supports you deliver. (The lighter verification audit, which only checks a short list of documents, is for low-risk supports and does not apply to you.) So the Core Module is not background reading. It is the document your auditor works through, outcome by outcome, when they decide whether you pass.
The Core Module describes what a safe, well-run service looks like — and the audit checks whether your service actually matches that description. The four parts move from the participant's rights, to how your organisation is run, to how supports are delivered, to the environment they happen in.
How the module is built: parts, outcomes, quality indicators
Before the four parts, it helps to understand the three layers inside the module — because auditors and consultants use these words interchangeably and it gets confusing fast.
| Layer | What it is | What it means for you |
|---|---|---|
| Part (sometimes called a "division" or "group") | One of the four major sections of the Core Module | The four headings your evidence is organised under: Rights, Governance, Provision of Supports, Environment. |
| Outcome | The result a standard requires — written from the participant's point of view | For example: "each participant accesses supports free from violence, abuse, neglect, exploitation or discrimination." This is what you must achieve. |
| Quality indicator | The specific marker an auditor uses to judge whether an outcome is met | For example: having a policy that prevents abuse, training workers to spot it, and evidence the process is followed. This is how the auditor decides you've met the outcome. |
The practical takeaway: you are assessed against the outcomes, but you pass on the quality indicators. An auditor will not just ask "do you respect rights?" — they will look for the specific indicators that prove it. So your job is to make your evidence line up with the indicators under each outcome, not to write something abstract about your values. The rest of this article walks the four parts in the order the module sets them out.
Part 1 — Rights and Responsibilities
This part sets out the rights of the participant and the matching responsibilities of the provider. It is the human-rights spine of the whole module, and in a SIL setting — where you are in someone's home, often around the clock — it carries real weight. The outcomes in this part cover:
- Person-centred supports — supports are tailored to the individual, their needs and their goals, not delivered as a one-size-fits-all routine.
- Individual values and beliefs — the participant's culture, identity, values and beliefs are respected in how supports are delivered.
- Privacy and dignity — the participant's right to privacy and dignity is respected and upheld, including how their personal information is handled.
- Independence and informed choice — the participant is supported to make informed choices, exercise control, and maximise their independence.
- Violence, abuse, neglect, exploitation and discrimination — the participant accesses supports free from harm, with active processes to prevent and respond to it.
For a SIL provider, the dangerous trap in this part is that the policies almost always exist — a privacy policy, a code of conduct, a choice-and-control statement — but the practice evidence is thin. An auditor checking the privacy outcome does not want to read your privacy policy; they want to find a signed, current consent on a participant's file and see that information is stored securely in the home. An auditor checking person-centred supports wants the participant's own goals reflected in their support plan and shift notes, not a generic template. This is the part where "we have the policy" and "we do the thing" most often diverge. For a deeper look at the participant-facing outcomes, see our guide to person-centred supports.
Part 2 — Provider Governance and Operational Management
This is the largest and, for small providers, the hardest part. It sets out how your organisation must be run so that supports are safe and sustainable — and the outcome it drives toward is that each participant's support is overseen by governance and operational systems that are proportionate to your size and the complexity of what you deliver. The outcomes in this part cover:
- Governance and operational management — clear accountability, defined roles, and oversight of how the service runs.
- Risk management — risks to participants, workers and the organisation are identified, recorded and managed.
- Quality management — a system to monitor quality, learn from problems, and drive continuous improvement.
- Information management — participant and operational records are accurate, secure, confidential and accessible to those who need them.
- Feedback and complaints management — participants can give feedback and make complaints, and those are handled and resolved.
- Incident management — incidents are identified, responded to, recorded, reported where required, and learned from.
- Human resource management — workers are competent, screened, qualified for their role, and supported with supervision and training.
- Continuity of supports — supports continue without unplanned interruption, including through staff absence or emergencies.
Governance asks for ongoing systems, not one-off documents. A risk register written the week before the audit and never touched again is a giveaway. A continuity-of-supports plan that names no actual backup staff is hollow. A complaints policy with an empty complaints register raises the question of whether anyone could ever complain. Auditors read this part looking for a service that is genuinely operating these systems — not a folder of templates that were filled in once.
Two outcomes inside this part — incident management and complaints — are so important to a SIL service that they are also where the rest of your evidence connects. A behaviour-support concern, a medication error, an allegation of harm: each of those lands in your incident system first. If that system is weak, the cracks spread into Part 1 (rights) and Part 3 (supports). It is worth treating your SIL incident management system as a core asset, and your SIL policies and procedures as the spine that holds this entire part together.
Part 3 — Provision of Supports
This part is about the supports themselves — how they are planned, agreed, delivered and adjusted. Where Part 1 is about rights and Part 2 is about the organisation, Part 3 is about the actual day-to-day work. The outcomes in this part cover:
- Access to supports — the participant accesses supports that suit their needs, and there is a clear, transparent process for starting (and ending) a support relationship.
- Support planning — supports are planned with the participant, based on their needs, goals and preferences, and documented so workers can deliver them consistently.
- Service agreements with participants — there is an agreed understanding of what supports will be provided, how, and on what terms.
- Responsive support provision — supports are delivered in line with the plan and adapt as the participant's needs change.
For a SIL provider, the heart of this part is the link between the participant's support plan and what actually happens on shift. An auditor reading this part will pull a participant's plan and then read their progress notes to see whether the two match. If the plan says a participant is working toward cooking independently and the notes only ever record "staff prepared dinner," that gap is a finding under responsive support provision. Consent runs through here too: supports should be delivered with the participant's agreement, and that agreement should be recorded. This is where the quality of your shift notes does a lot of quiet work — they are the evidence that the plan is being delivered as written.
Stop guessing which documents the Core Module needs
The SIL Rescue Kit gives you the audit-mapped policies, registers and templates that sit under every part of the Core Module — the structure auditors expect, ready to populate with your own service's real records.
See the SIL Rescue Kit — $297Part 4 — Provision of Supports Environment
The fourth part is about the environment supports happen in — and for a SIL provider, the environment is the participant's home. That makes this part more concrete and more physical than the others. The outcomes in this part cover:
- Safe environment — supports are delivered in an environment that is safe, appropriate to the participant's needs, and free from avoidable hazards.
- Participant money and property — where the provider handles a participant's money or property, it is managed transparently and protected from misuse.
- Management of medication — where medication is administered or stored, it is done safely, with proper records (this connects to the supplementary modules where high-intensity supports apply).
- Management of waste — clinical and other waste, where relevant, is handled safely.
- Infection prevention and control — there are measures to prevent and manage the spread of infection in the support environment.
This part catches SIL providers because the home feels domestic, not clinical — so providers forget it is being audited as a support environment. Medication storage in a shared SIL house is a recurring example: if medication is locked away from a particular participant for a behavioural reason, that storage can also be a restrictive practice, which pulls in the behaviour-support framework as well. The safe-environment outcome covers everyday things auditors do look at — fire safety, hazard checks, and whether the home suits the participant's mobility and needs. Where you administer medication, the records matter as much as the storage; our guides on medication management for SIL and behaviour support plans go deeper on the two places this part most often overlaps with higher-risk practice.
How each part is actually audited
Here is the part most guides skip: how the auditor tests the module. A SIL certification audit is not one event — it usually runs in two stages, and each part of the Core Module is examined differently across them.
| Stage | What happens | How the Core Module is tested |
|---|---|---|
| Stage 1 — Document review | Largely a desktop review of your policies, procedures, registers and templates, usually before the on-site visit. | The auditor checks that you have documents addressing each applicable outcome, and that they reflect the quality indicators. This is where missing or generic policies surface. |
| Stage 2 — On-site assessment | The auditor (certification audits use at least two auditors) visits, samples participant files, interviews workers and management, and may speak with participants and families. | The auditor tests whether the documents from Stage 1 are real in practice — tracing whether what your policies promise actually happens in the home. |
Across both stages, the auditor assesses each outcome by triangulating three sources: your documents (what you say you do), your interviews (what your people say you do), and your records (what actually happened). A finding is raised when those three do not line up. A polished policy that staff have never heard of fails on interview. A confident interview with no records to back it up fails on evidence. The strongest position is when document, interview and record all tell the same story.
This is why each part is tested through a slightly different lens:
- Part 1 (Rights) is tested heavily through participant files and, where possible, conversations with participants and families — because rights are felt by the person, not just written in a policy.
- Part 2 (Governance) is tested through registers, records and management interviews — the auditor is checking whether the systems run continuously, so they look for a paper trail over time, not a single snapshot.
- Part 3 (Provision of Supports) is tested by pulling a participant's plan and reading their notes — the match between plan and practice is the whole game.
- Part 4 (Environment) is tested partly by physically observing the home and partly through records — medication logs, hazard checks, cleaning and infection-control records.
For a fuller walk-through of the auditor's behaviour on the day, see what auditors check for SIL providers and our guide to how to prepare for a SIL audit.
Proportionality: what "small provider" really buys you
One word in the Core Module does a great deal of work for small SIL providers: proportionate. The governance outcome explicitly requires systems that are proportionate to the size and scale of the provider and the complexity of supports delivered. That principle runs through the whole module.
In plain terms: a two-house provider with eight staff is not expected to have the same governance machinery as a 200-staff multi-site organisation. You do not need a board sub-committee structure, a dedicated quality team, or a 60-page risk framework. What proportionality does not mean is that you can skip an outcome. Every applicable outcome must still be met — you simply meet it at a scale that fits your service. A small provider can satisfy the risk-management outcome with a clear, maintained risk register and a simple review rhythm; it does not need an enterprise risk system.
Proportionality is a sizing principle, not an exemption. Use it to keep your systems lean and genuinely operated rather than bloated and ignored. A small, real, well-run system beats a large, copied, dead one at audit every time. The mistake is treating "we're small" as a reason to leave an outcome blank — that is not proportionality, that is a gap.
The Core Module failures that show up most
1. Policies exist, practice evidence doesn't
The single most common pattern across all four parts. The provider has the policy folder but cannot produce the participant-level records that prove the policy is lived — a privacy policy with no signed consent, a complaints policy with an empty register, a person-centred policy with generic shift notes.
2. Governance systems that ran once
A risk register, continuity plan or improvement log that was completed for the audit and never updated. Part 2 is about continuous operation; a one-time document fails the test of a running system.
3. Plan and notes that don't match
Under Part 3, the participant's support plan describes goals the shift notes never mention. The auditor reads the gap as supports that aren't actually responsive to the plan.
4. The environment treated as "just a house"
Under Part 4, providers forget the home is an audited support environment — no hazard checks, medication storage that doubles as an unauthorised restrictive practice, or thin infection-control measures.
5. Workers who can't speak to the systems
At Stage 2, staff are interviewed. If a worker can't explain how to report an incident, how to support a participant's choices, or where the medication records live, the auditor concludes the system exists only on paper.
6. Treating "small" as an excuse, not a scale
Misreading proportionality and leaving outcomes blank because the provider is small. The outcome still has to be met — just sized to fit.
Getting your Core Module evidence audit-ready
You can get ahead of every failure above with a structured preparation pass. Work the four parts in order, and for each one ask the auditor's question — not "do I have a policy?" but "can I prove this happens?"
- Part 1 — Pull two or three participant files and confirm signed, current consent, person-centred goals, and respect-for-privacy in practice
- Part 2 — Open your risk register, complaints register, incident records and continuity plan and confirm each is current and actually maintained, not a one-off
- Part 2 — Check every worker has screening, qualifications, an induction record and supervision evidence on file
- Part 3 — Take one participant's support plan and trace it through their last month of notes; confirm the plan's goals appear in the practice
- Part 4 — Walk the home with fresh eyes: hazards, medication storage and records, infection-control measures, money-handling transparency
- All parts — For each outcome, line up document, what staff would say, and what your records show; fix any of the three that don't match
If you want to know where you stand before you start, the free SIL Readiness Scorecard walks you through the major Core Module domains and shows you which parts are likely to draw findings. It takes a few minutes and gives you a prioritised list — so you fix the part that's weakest first, rather than polishing the part that's already fine.
And because so much of Part 1 and Part 3 evidence comes down to the quality of progress notes, the free Notes Rewriter tool helps your workers turn rough end-of-shift notes into structured, plan-linked progress notes — without ever inventing detail. Good notes are quietly the strongest Core Module evidence you have.
Don't walk into a certification audit hoping the Core Module holds up
The SIL Rescue Kit gives you 60+ audit-mapped documents — the policies, registers and procedures that sit under all four parts of the Core Module — so when the auditor works through outcome by outcome, the structure is already there, ready for your service's real records.
View the SIL Rescue Kit — $297Important: This article is general guidance for NDIS SIL providers, not legal or professional advice. The structure of the NDIS Practice Standards, the outcomes within each part, and the audit process are set by the NDIS Quality and Safeguards Commission and can change — including reforms to the SIL-specific Practice Standards. Always verify current requirements directly with the NDIS Commission and your approved quality auditor before acting.