Can I submit the self-assessment before I have all my policies in place?

Technically the Commission portal allows you to submit a self-assessment with 'not met' ratings, but this is inadvisable. Your self-assessment is submitted to your AQA as a starting point for the audit. Submitting a self-assessment showing major gaps signals to the auditor (and the Commission) that your organisation is not audit-ready, and may prompt additional scrutiny.

How specific do my evidence statements need to be?

As specific as possible. A statement like 'we have a policy' is insufficient. Effective evidence statements identify the specific document (name, version number), describe how it is implemented in practice, reference how staff are trained on it, and note when it was last reviewed. The more concrete and traceable your evidence statement, the better positioned you are heading into the audit.

What happens if I self-assess an outcome as 'met' but the auditor disagrees?

This is one of the most common audit scenarios. If the auditor finds that the evidence doesn't support your 'met' rating, they will record a non-conformity. This is not fraud or misrepresentation — it is a normal part of the audit process. The auditor's job is to independently verify your claims. If you self-assessed 'met' in good faith with genuine evidence, you can present that evidence and make your case during the audit.

Is the self-assessment shared with the NDIS Commission before the audit?

Yes. Your self-assessment is submitted through the NDIS Commission's provider portal as part of your registration application. The Commission shares it with your chosen AQA as a starting point for the audit. It is a formal document — treat it with the same care as any other regulatory submission.

NDIS Provider Self-Assessment: How to Complete It and What Auditors Expect

What the Self-Assessment Involves

The NDIS provider self-assessment is a structured evaluation that every applicant for NDIS registration must complete. You assess your organisation against each outcome in the applicable NDIS Practice Standards — for certification providers, this means the full Core Module (18 outcomes) plus any supplementary modules relevant to your registration groups. For verification providers, the assessment covers the Verification Module outcomes only.

For each outcome, you rate your organisation's compliance and provide an evidence statement describing how you meet that outcome. The self-assessment is submitted as part of your registration application through the NDIS Commission's provider portal and is shared directly with your chosen Approved Quality Auditor (AQA) as the starting point for their audit.

This means the self-assessment performs two functions: it is both a formal regulatory submission to the NDIS Commission and a communication to your auditor about what evidence they should expect to find. Both functions demand that it be completed with precision and honesty.

Completing the Self-Assessment in the Commission Portal

The NDIS Commission's provider registration portal (accessible at ndiscommission.gov.au) presents the self-assessment as a structured online form. You will navigate through each Practice Standard outcome applicable to your registration groups, entering a rating and an evidence statement for each.

Before you begin completing the self-assessment, take the following preparatory steps:

Download the NDIS Practice Standards document from the NDIS Commission website. Read the indicators for each outcome — these indicators describe the specific behaviours and systems the outcome requires.
Map your existing documentation to each outcome. Identify which policies, procedures, and records correspond to each Practice Standard outcome before you start typing.
Involve key staff in the self-assessment. Managers responsible for governance, human resources, and direct service delivery will have important input on whether outcomes are genuinely met.
Allow adequate time. A thorough self-assessment for a certification applicant will take 8–20 hours of work across multiple staff members. Do not attempt to complete it in a single sitting.

The portal allows you to save your progress, so you can work through the self-assessment in stages. Do not submit until you have reviewed every outcome and are satisfied with the accuracy and completeness of your statements.

Met vs Not Met: What These Ratings Mean

For each outcome, you have two primary rating options: Met and Not Met. (Some portals also offer a "Partial" or "In Development" option for new providers.) Understanding what these ratings mean — and the consequences of each — is fundamental to completing the self-assessment correctly.

Rating an Outcome as "Met"

A "Met" rating means that your organisation fully meets the outcome as described in the Practice Standards, right now. Not that you intend to, not that you have a plan to, not that you mostly do. To rate an outcome as "Met", you should be able to point to existing, implemented documentation and practice that satisfies every indicator for that outcome.

"Met" does not require perfection, but it does require genuine evidence. If an outcome requires you to have an incident management system, "Met" means you have a written policy, staff have been trained on it, it has been implemented in practice, and you can demonstrate this with records.

Rating an Outcome as "Not Met"

"Not Met" means you acknowledge a gap. This is not automatically disqualifying for new applicants — the Commission and your AQA understand that organisations new to NDIS registration may not yet have every system in place. However, significant "Not Met" ratings will be examined closely by your auditor and may result in non-conformity findings that must be resolved before registration proceeds.

For providers working toward the 1 July 2026 deadline, entering "Not Met" ratings is a strong signal to pause the application and develop the missing documentation before proceeding.

Approaching Each Practice Standard Outcome

The NDIS Practice Standards Core Module is organised around four groups and 18 outcomes. Here is how to approach the self-assessment for each group:

Group 1: Rights and Responsibilities (Outcomes 1.1–1.5)

Outcome 1.1 — Person-centred supports: Evidence includes your Person-Centred Support Policy, individual support plans showing participant input, and records of how staff are trained in person-centred approaches. Your evidence statement should reference specific documents and describe how participant goals drive support delivery.

Outcome 1.2 — Individual values and beliefs: Your Cultural Safety Policy and diversity training records are the primary evidence. Evidence statements should note how staff are trained to respect and accommodate individual values, including cultural, linguistic, and religious differences.

Outcome 1.3 — Privacy and dignity: Evidence includes your Privacy and Confidentiality Policy, consent forms (including Consent to Collect and Consent to Share Information), and your data breach response procedures. Reference Privacy Act 1988 (Cth) compliance in your statement.

Outcome 1.4 — Independence and informed choice: Your Independence and Informed Choice Policy, Dignity of Risk documentation, and any participant decision-making support records are key evidence. Auditors look for evidence that your organisation actively supports participant autonomy rather than substituting your judgement for theirs.

Outcome 1.5 — Privacy, dignity and confidentiality: Evidence includes your Complaints and Feedback Policy and system, your Safeguarding (VANED) Policy, and records demonstrating that complaints are received, investigated, and resolved. Include your Complaints Register as evidence.

Group 2: Governance and Operational Management (Outcomes 2.1–2.6)

Outcome 2.1 — Governance and operational management: Your Governance Framework, Board/Management Committee records, organisational chart, and financial management documentation are all relevant. This outcome requires demonstrated accountability at the organisational governance level.

Outcome 2.2 — Risk management: Evidence includes your Risk Management Policy, current Risk Register, and Emergency and Disaster Management Plan. Auditors will want to see that risks are actively identified, assessed, and managed — not just that a policy exists.

Outcome 2.3 — Quality management: Your Quality Management and Continuous Improvement Policy, Internal Audit Program, Continuous Improvement Register, and meeting minutes documenting quality improvement activities are the core evidence.

Outcome 2.4 — Information management: Evidence includes your Information Management Policy, Document Control Register, and incident reporting procedures. This outcome requires demonstrated systems for managing and retaining records.

Outcome 2.5 — Financial management: Financial statements, budget processes, and financial controls documentation. For small organisations, this may include bank account controls, authorisation protocols, and your Financial Management Policy.

Outcome 2.6 — Human resources: This is one of the most evidence-heavy outcomes. Your HR Policy, Worker Screening Policy and Register, Training Register, staff induction records, supervision records, position descriptions, and recruitment documentation all contribute. NDIS Worker Screening Check compliance is specifically required.

Group 3: Provision of Supports (Outcomes 3.1–3.4)

Outcome 3.1 — Access to supports: Evidence includes your Access to Supports Policy and service agreement templates. Demonstrate that you have clear, accessible processes for people to request and commence supports.

Outcome 3.2 — Support planning: Your Support Delivery Policy, Support Plan templates, and completed participant support plans (with appropriate redactions for privacy) demonstrate this outcome. Auditors look for participant involvement in planning.

Outcome 3.3 — Transitions: Your Transition Policy and any documented transitions (with or without participant details) are relevant. For new providers without transition history, your policy documentation and awareness of transition obligations is the primary evidence.

Outcome 3.4 — Service agreements: Your Service Agreement template is the primary document. Ensure your template includes all elements required under the NDIS Commission's service agreement guidance, including how to manage changes, cancellations, and disputes.

Group 4: Support Provision Environment (Outcomes 4.1–4.5)

For SIL providers, Group 4 is particularly important. Outcome 4.1 (safe environment) requires evidence that your physical environments are safe, including safety inspection records, fire safety plans, and maintenance procedures. Outcome 4.3 (medication) requires your Medication Management Policy and Medication Administration Records. Outcome 4.4 (mealtime management) applies if you support participants with complex mealtime needs. Outcome 4.5 (infection control) requires your Infection Control Policy and evidence of implementation.

Common Self-Assessment Mistakes

Over-Claiming: Rating Outcomes as Met Without Sufficient Evidence

The most damaging mistake is rating outcomes as "Met" when your evidence doesn't support it. This creates a mismatch between your self-assessment and what the auditor finds — which becomes a non-conformity, undermines your credibility, and in the worst case can be viewed as a deliberate misrepresentation to a regulator.

Signs that you may be over-claiming: you cannot immediately name a specific document that evidences the outcome; your policy exists but has never been implemented; staff are not aware of the policy; the policy was drafted for the registration application and has not been actively used.

Under-Claiming: Rating Outcomes as Not Met When Evidence Exists

Under-claiming is less common but still problematic. Some providers are overly conservative and rate outcomes as "Not Met" because they believe their evidence isn't good enough, when in fact it is sufficient. This invites unnecessary scrutiny from your auditor and creates a poor initial impression. If you have genuine evidence, document it clearly and rate the outcome as "Met".

Vague Evidence Statements

Generic statements like "we have a policy for this" or "we comply with all relevant legislation" are inadequate. Auditors see these statements as red flags — they suggest the provider has not thought carefully about the evidence and may not have it. Be specific: name the document, describe its content, reference implementation.

Failing to Address All Indicators

Each Practice Standard outcome has multiple indicators. A common mistake is to provide evidence for one or two indicators while ignoring others within the same outcome. Read all indicators for each outcome and ensure your evidence statement addresses them all.

How Auditors Cross-Reference Your Self-Assessment

Your AQA receives your self-assessment before the audit begins. During the desktop review (Stage 1 of a certification audit), they use it as a roadmap: every "Met" rating is a claim they will test against the evidence you provide. Every evidence statement that references a document will prompt them to request that document.

During the on-site audit (Stage 2), auditors cross-reference your self-assessment against what they observe and hear. If you rated Outcome 2.6 (human resources) as "Met" and claimed all workers have completed induction, but interviews with frontline staff reveal they have not seen the induction checklist, this creates a non-conformity.

Think of your self-assessment as a contract with your auditor: you are telling them what they will find. The audit is their process of verifying that claim. The more accurate and evidence-based your self-assessment, the smoother your audit experience will be.

Writing Strong Evidence Statements

An effective evidence statement for each outcome should contain four elements:

Document identification — name the specific policy, procedure, form, or register (including document number and version if applicable)
Implementation description — explain how the document is used in practice, not just that it exists
Staff awareness — describe how staff are trained or informed about the relevant policy or procedure
Review and monitoring — note when the document was last reviewed and how compliance is monitored

Example: Weak Evidence Statement (Outcome 2.6 — Human Resources)

"We have an HR policy and all staff undergo screening."

Example: Strong Evidence Statement (Outcome 2.6 — Human Resources)

"Our Human Resources Policy (v2.1, last reviewed March 2026) governs all recruitment, induction, supervision, and performance management. All direct support workers hold a current NDIS Worker Screening Check — these are recorded in our Worker Screening Register (updated monthly). New staff complete a 26-item induction checklist (Form 032) within their first week; completed checklists are retained on the staff HR file. Supervision is conducted quarterly and documented using our Supervision Record Template (Form 033), with records retained for seven years. Position descriptions for all roles are current and held in the Document Control Register."

The Documents That Back Up Every "Met" Rating

The SIL Rescue Kit provides 65 audit-ready documents — policies, forms, and registers — mapped to every Core Module Practice Standard outcome. When you say "Met," these documents are the evidence that proves it.

Get the SIL Rescue Kit — $297

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.