NDIS Practice Standards Core Module: Every Outcome Explained (with Evidence Requirements)

1. What Are the NDIS Practice Standards?

The NDIS Practice Standards are the minimum quality and safety requirements that every registered NDIS provider must meet. They are set under the National Disability Insurance Scheme (Provider Registration and Practice Standards) Rules 2018 and administered by the NDIS Quality and Safeguards Commission. Compliance is assessed through independent audits — either certification audits (for higher-risk supports) or verification audits (for lower-risk supports).

The Practice Standards exist because registration alone does not guarantee quality. They set specific, measurable expectations about how providers must operate — from how they respect participant rights through to how they manage staff, finances, and risks. The auditor's job is to verify that your organisation not only has the right policies, but that those policies are actually implemented and that outcomes for participants can be evidenced.

The NDIS Practice Standards are divided into a Core Module (mandatory for all providers) and a series of supplementary modules that apply depending on your registration groups. The supplementary modules include areas such as Specialist Disability Accommodation (SDA), High Intensity Daily Personal Activities, Specialist Behaviour Support, Early Childhood Supports, and others.

This article focuses exclusively on the Core Module — the universal baseline every provider must satisfy, regardless of what supports they deliver.

The practical implication: every policy document you write, every form you use, every staff training record you keep either does or does not contribute evidence toward these standards. Understanding the structure before you build your compliance system is what separates providers who sail through audits from those who scramble for corrective actions.

2. The Core Module Structure: 4 Groups, 8 Outcomes, 40+ Indicators

The Core Module is organised into four outcome groups. The first two groups — Rights and Responsibility, and Governance and Operational Management — apply to every single registered NDIS provider. The third group (The Support Environment) applies specifically to providers delivering Supported Independent Living (SIL) and similar residential or shared living supports. The fourth group (Support Provision) applies to providers delivering ongoing or episodic direct supports.

Each outcome group contains multiple outcomes, and each outcome contains multiple indicators. When an auditor assesses your organisation, they are assessing evidence against those indicators. The indicators describe what "good" looks like in operational terms — they are the checklist auditors work through.

Here is the high-level map of the Core Module:

• Group 1 — Rights and Responsibility: Outcomes 1.1 through 1.5 — covering person-centred supports, individual values and beliefs, privacy and dignity, autonomy and the dignity of risk, and violence, abuse, neglect, exploitation, and discrimination (VANED).
• Group 2 — Governance and Operational Management: Outcomes 2.1 through 2.6 — covering governance and operational management systems, risk management, quality management, information management, financial management, and human resources.
• Group 3 — The Support Environment: Outcomes 3.1 through 3.4 — applying to SIL providers: the physical environment, the household environment, participant health and wellbeing, and transitions.
• Group 4 — Support Provision: Outcomes 4.1 through 4.6 — covering assessment and planning, the support plan, delivering supports, managing transitions, support worker knowledge and skills, and medication management.

It is worth noting that while the legislation uses numbered outcomes, auditors do not simply tick a box per outcome. They assess the full body of evidence holistically for each indicator. A policy document that exists but is never used in practice will not satisfy an auditor — they will interview staff, review participant files, inspect records, and look for evidence that systems are alive, not just documented.

3. Group 1: Rights and Responsibility (Outcomes 1.1–1.5)

Group 1 is the most human-centred of the four groups. It requires providers to demonstrate that participants are treated as rights-bearing individuals, that their choices and values are actively respected, and that robust safeguards exist to protect them from harm. Every outcome in Group 1 should be visible in your direct service delivery records, not just in your policy documents.

4. Group 2: Governance and Operational Management (Outcomes 2.1–2.6)

Group 2 shifts from participant-facing practice to organisational systems. These outcomes assess whether your provider has the governance structures, management systems, and operational discipline to sustainably deliver safe, quality supports. Newer providers frequently underestimate the rigour required here — the NDIS Commission expects a functioning quality management system, not just a folder of policies.

5. Group 3: The Support Environment (SIL-Specific — Outcomes 3.1–3.4)

Group 3 applies only to providers delivering supports in a shared living or residential setting — primarily Supported Independent Living (SIL) providers. If your registration does not include SIL or comparable residential supports, these outcomes do not apply to your Core Module assessment. However, if you do deliver SIL, Group 3 adds four additional outcomes to your audit scope.

Outcome 3.1 — The Physical Environment

The physical environment in which supports are delivered must be safe, clean, accessible, and appropriate for the needs of the participants living there. Auditors will inspect the property during on-site certification audits. Evidence required includes: tenancy agreements or property lease records, maintenance logs, hazard inspection records, accessibility assessments, and emergency egress plans. Providers must show that the environment is maintained to a standard that supports participant health, safety, and independence.

Outcome 3.2 — The Household Environment

Beyond the physical structure, providers must demonstrate that the household operates in a way that reflects participant choice and autonomy. This means participants have genuine control over their living environment — including who visits, how their home is organised, household routines, and domestic decision-making. Auditors look for evidence that the service agreement gives the participant genuine choice rights, not just a standardised roster imposed by the provider. Staff must understand the difference between a participant's home (where they are a guest) and a facility they manage.

Outcome 3.3 — Participant Health and Wellbeing

Providers are responsible for actively supporting participants' physical and mental health within the SIL environment. This includes medication management (which also intersects with Group 4), healthcare appointment coordination, nutrition, exercise, and the prevention of health deterioration. Key evidence includes: individual health plans, medication administration records, healthcare appointment logs, and documented escalation processes for health deterioration. Post-2024 audits have placed increasing scrutiny on nutrition and hydration records for participants with complex health needs.

Outcome 3.4 — Transitions

When participants transition into, between, or out of SIL arrangements, the process must be person-centred, well-planned, and supported. Poor transitions are a significant risk event — they are a common trigger for serious incidents. Auditors expect a documented transition planning process, participant involvement in transition planning, handover documentation when participants move between providers, and follow-up review after any transition. Evidence includes: transition plans, handover summaries, and post-transition review records.

6. Group 4: Support Provision

Group 4 applies to providers delivering ongoing direct supports (not just coordination or planning). It addresses the operational delivery of supports at the individual participant level. While Group 2 covers organisational systems and Group 1 covers rights principles, Group 4 is where those principles and systems are tested in actual service delivery.

Outcome 4.1 — Assessment and Planning

Providers must complete a meaningful assessment of each participant's support needs before delivering supports, and develop a support plan based on that assessment. The assessment must be strengths-based and must include the participant's goals, existing supports, risks, and preferences. Auditors look for current, co-developed support plans that show the participant's voice, not provider-drafted documents that participants merely sign. Evidence: completed assessments, signed support plans, participant-signed acknowledgements.

Outcome 4.2 — The Support Plan

Each participant's support plan must be a living document — regularly reviewed, updated when needs change, and reflective of current goals and circumstances. It must clearly describe the supports to be delivered, how they will be delivered, who is responsible, and how progress will be measured. A plan that is 18 months old with no documented review is a non-conformity finding. Evidence: version-controlled support plans with dated review records.

Outcome 4.3 — Delivering Supports

Supports must be delivered in a way that is consistent with the support plan and the NDIS Code of Conduct. Progress notes must be maintained for each support session — they must be accurate, objective, and contemporaneous. The NDIS Commission has been particularly active in enforcement action against providers with non-existent, inadequate, or fabricated progress notes. Evidence: shift notes, session records, daily logs for participants with high-intensity needs.

Outcome 4.4 — Managing Transitions

When participants transition between providers, or when a provider ceases to deliver supports, the process must be managed to minimise disruption and ensure continuity of care. Providers must have a service exit or transition procedure, and must provide adequate notice (consistent with the service agreement). Evidence: service agreements with exit notice clauses, transition plans, handover documentation.

Outcome 4.5 — Support Worker Knowledge and Skills

Support workers must have the skills, knowledge, and training to deliver the specific supports required by each participant. This means generic induction is not sufficient — workers must be trained in the specific needs of each participant they support (e.g., manual handling techniques, communication strategies, health management tasks). Evidence: participant-specific orientation records, training records matching participant needs, competency assessments.

Outcome 4.6 — Medication Management

Where providers are involved in medication management (whether administration, prompting, or storage), they must have a medication management policy, trained staff, and accurate medication records. This is an area of significant risk and significant audit scrutiny. Evidence: medication policy, medication administration records (MARs), staff medication competency assessments, medication storage inspection records.

7. What Evidence Do Auditors Require for Each Outcome?

Understanding what auditors look for is as important as understanding the standards themselves. NDIS certification audits follow a structured methodology. Approved Quality Auditors (AQAs) assess three types of evidence for each outcome:

• Documentation evidence: Policies, procedures, forms, registers, plans, and records. These must be current (reviewed within the stipulated timeframe), version-controlled, and approved.
• Interview evidence: Conversations with management, staff, and participants. Auditors assess whether the people in the organisation understand and can apply the policies — not just whether the documents exist.
• Observation evidence: For on-site audits (which are mandatory for SIL providers), auditors observe the physical environment, the delivery of supports, and operational practices directly.

A common failure mode is having excellent documentation but staff who cannot explain how the policies work in practice. If a support worker cannot explain what they would do if they witnessed abuse, or cannot locate the incident reporting form, that creates a finding even if the policy document is perfectly written.

The weight given to each type of evidence varies by outcome. For Outcome 2.2 (Risk Management), an auditor places heavy weight on the risk register itself and management evidence of review. For Outcome 1.1 (Person-Centred Supports), the auditor places heavy weight on participant interview responses and the quality of individual support plans. For Outcome 2.6 (Human Resources), Worker Screening Check records are binary — either current and on file, or not.

8. Core Module Requirements Table

The table below maps each Core Module outcome to its primary requirement, the key policy document your auditor will expect to see, and the primary audit evidence. Use this as your pre-audit checklist.

9. The Most Common Practice Standards Failures (and How to Avoid Them)

Audit data and practitioner experience consistently reveal the same failure patterns across Australian NDIS providers. These are not obscure edge cases — they are the findings that appear in audit reports year after year. Knowing them in advance means you can address them before your auditor arrives.

10. How the Practice Standards Relate to Your Policy Documents

One of the most common questions providers ask is: "How many policies do I actually need?" The answer depends on your registration groups and the complexity of your service delivery, but for a SIL provider delivering direct supports to NDIS participants, the minimum policy suite to satisfy the Core Module (and Group 3) typically runs to 20–30 individual policy documents, plus associated procedures, forms, and registers.

The relationship between Practice Standards and policy documents is not one-to-one. A single outcome may require multiple policy documents (for example, Outcome 1.5 typically requires a separate Safeguarding Policy, Incident Management Policy, Complaints Policy, and Open Disclosure Procedure). Conversely, a single policy document can contribute evidence to multiple outcomes (for example, a strong Participant Handbook serves as evidence for Outcomes 1.1, 1.2, 1.3, 1.4, and 1.5).

The most important principle in building your policy suite is traceability: every Practice Standard indicator should be traceable to at least one policy or procedure that addresses it, and every policy should clearly connect to the outcomes it satisfies. Including a "Purpose" section in each policy that references the relevant Practice Standard outcome is good practice — auditors appreciate it, and it demonstrates that your quality system is deliberately designed.

The Core Policy Documents Every Provider Needs

• Person-Centred Support Policy and Support Planning Procedure
• Diversity and Cultural Safety Policy
• Privacy and Confidentiality Policy (including consent forms)
• Autonomy and Dignity of Risk Policy
• Safeguarding and VANED Policy
• Incident Management Policy (including mandatory reporting procedure)
• Complaints Management Policy
• Governance Framework and Document Control Policy
• Risk Management Policy (with Risk Register)
• Quality and Continuous Improvement Policy (with CI Register)
• Information Management Policy and Records Retention Schedule
• Financial Management Policy
• Human Resources Policy suite (Recruitment, Induction, Supervision, Performance, Separation)
• Code of Conduct
• NDIS Worker Screening Register
• Staff Training Register

SIL providers additionally need: Property and Environment Management Policy, Medication Management Policy, Individual Health Management Procedure, Household Decision-Making Procedure, and Transition Planning Policy.

Beyond the policies themselves, the supporting forms, registers, and records are what transform a policy suite from a compliance fiction to a functioning quality system. A policy that says "incidents must be recorded within 24 hours" only becomes evidence when there is an actual incident register with timestamps, and those timestamps are consistently within the required window.