What is the difference between Stage 1 and Stage 2 of an NDIS certification audit?

Stage 1 is an off-site document review where your approved quality auditor assesses your policies, procedures, and governance records against the NDIS Practice Standards. Stage 2 is an on-site audit that verifies those documents are genuinely put into practice, using participant and staff interviews and direct observation.

Do all NDIS providers need a two-stage audit?

No. The two-stage certification audit applies to providers registered for higher-risk supports, including Supported Independent Living. Providers registered only for lower-risk supports undergo a verification audit, which is a simpler process. Your registration groups determine which audit pathway applies.

How long does an NDIS two-stage audit typically take?

The duration varies by organisation size and the number of registration groups. Stage 1 typically takes several weeks from document submission to preliminary findings. Stage 2 on-site visits can range from one day for a small provider to several days across multiple sites. Your approved quality auditor will outline the expected timeline in your audit plan.

What happens if non-conformances are found at Stage 1?

Your auditor will document the non-conformances in a preliminary report. You may be asked to submit corrective documents or clarifications before Stage 2 proceeds. Addressing Stage 1 findings promptly is important — unresolved non-conformances carry forward and can affect the overall certification outcome.

Can a SIL provider fail a Stage 2 audit?

An auditor can find non-conformances at Stage 2 that require a corrective action plan before certification is granted. In serious cases — for example where participant safety is at risk — the auditor may recommend the Commission take compliance action. Most non-conformances result in a corrective action plan rather than outright refusal, but repeated or serious findings are escalated.

What are the most common reasons SIL providers receive non-conformances?

Common issues include incident management policies that do not specify Commission notification timeframes, staff who cannot describe reportable incident categories correctly, support plans that are not genuinely individualised, and restrictive practices that have not been formally authorised or reported to the Commission.

NDIS Stage 1 vs Stage 2 Audit: A Worked Example

Why the two-stage audit process exists

The NDIS Quality and Safeguards Commission requires registered providers delivering higher-risk supports — including Supported Independent Living (SIL) — to undergo a two-stage certification audit conducted by an approved quality auditor. The two-stage model exists because documents alone cannot confirm safe practice. Stage 1 establishes whether your organisation has built the right foundations on paper; Stage 2 tests whether those foundations are real in the day-to-day experience of participants and workers.

Under the NDIS Practice Standards (and the strengthened framework progressively taking effect from 2026), SIL providers must demonstrate conformance across the Core Module and the SIL-specific supplementary module. Non-conformances identified at either stage can delay or prevent registration renewal, require corrective action plans, and — in serious cases — trigger Commission compliance action.

Stage 1: the off-site document audit

Stage 1 is conducted remotely. Your approved quality auditor requests a document pack covering the NDIS Practice Standards that apply to your registration groups. They review that pack without visiting your premises, then prepare a preliminary report before Stage 2 begins.

What auditors assess at Stage 1

Governance and operational management — constitution or company structure, insurance certificates, risk management framework, business continuity plan.
Human resources policies — recruitment, screening (including NDIS Worker Screening Check records), induction, supervision frameworks, and performance management processes.
Incident management system — your written policy, reportable incident categories, timelines for notifying the Commission, and records demonstrating previous incidents were properly managed.
Complaints management — documented process, evidence that participants know how to complain, and sample records showing complaints were handled and closed.
Restrictive practices (where applicable) — behaviour support policies, consent and authorisation records, and evidence that regulated restrictive practices are reported to the Commission.
Participant rights documentation — service agreements, participant handbooks, easy-read materials confirming the Code of Conduct obligations are communicated.
SIL-specific documentation — individual support plans, daily living and life skills frameworks, how home and living goals are identified and reviewed.

Common Stage 1 non-conformances

Incident management policy does not list all NDIS reportable incident categories or does not specify the required notification timeframe to the Commission.
Behaviour support policy references regulated restrictive practices but contains no mechanism for obtaining behaviour support practitioner approval prior to use.
Worker screening records are present but not kept in a register that can demonstrate ongoing compliance (screening clearances must be current, not just obtained at hire).
Complaints policy does not reference the NDIS Commission as an escalation pathway for unresolved complaints.
Support plans lack a review cycle or do not connect participant goals to the specific supports being delivered.

Stage 2: the on-site audit

Stage 2 takes place at your operational sites — including SIL homes where participants live. Auditors are checking that Stage 1 documents translate into real practice. They do this through three primary methods: interviews with participants, interviews with staff and management, and direct observation of the environment and records.

What auditors assess at Stage 2

Participant interviews — conducted privately, often with an advocate or support person if the participant chooses. Auditors explore whether participants understand their rights, feel safe, know how to raise concerns, and experience the supports described in their plan.
Staff interviews — frontline workers are asked about induction, how they report incidents, what they do when something goes wrong, and how they support participant goals. Answers must match the policies submitted at Stage 1.
Management interviews — the provider's leadership is assessed on governance, continuous improvement, how complaints data informs practice, and how restrictive practices are authorised and monitored.
Record sampling — auditors review a sample of individual support plans, incident reports, complaint records, staff training logs, and restrictive practice authorisation documentation.
Environmental observation — in SIL settings, auditors observe whether the physical environment supports participant safety, dignity, and choice, including appropriate accessibility and the absence of informal restrictions.

Common Stage 2 non-conformances

Staff cannot describe the incident reporting process consistently with the written policy — a sign that training has not embedded the procedure.
Participants are unaware of their rights or how to make a complaint, indicating that rights communication is formal (a form signed at intake) rather than ongoing and accessible.
Support plans are generic across participants in the same household rather than genuinely individualised.
Restrictive practices are in use that have not been authorised through the required behaviour support pathway or reported to the Commission.
Mandatory training completions exist on paper but staff cannot demonstrate the relevant knowledge in conversation.

Worked example: SIL provider preparing for a combined audit

The following is a realistic illustration of how a small SIL provider might move through both stages. Names and details are fictional for illustrative purposes.

Audit stage	Activity	Provider preparation	Auditor finding
Stage 1 — document review	Incident management policy submitted	Policy lists reportable categories and a 24-hour internal escalation timeframe	Partial conformance — policy does not specify the NDIS Commission notification window for Priority 1 incidents. Corrective action required before Stage 2.
Stage 1 — document review	Worker screening register submitted	Register lists all workers with clearance numbers and expiry dates	Conformance — register demonstrates current clearances and is actively maintained.
Stage 1 — document review	Support plan template submitted	Template includes goals section, daily routines, health considerations, and a review date field	Conformance — template is sufficiently individualised; auditor will sample completed plans at Stage 2.
Stage 2 — on-site audit	Participant interview (three participants across two SIL houses)	Provider had conducted pre-audit rights information sessions with participants	Conformance — participants could articulate their right to raise concerns and identified the key worker as their first contact.
Stage 2 — on-site audit	Staff interview (four support workers)	Workers had completed incident reporting refresher training two weeks prior	Partial non-conformance — two of four workers could not correctly identify what constitutes a Priority 1 reportable incident. Corrective action plan required.
Stage 2 — on-site audit	Record sampling (five support plans reviewed)	Plans were updated in the three months before audit	Conformance — plans were individualised and referenced each participant's NDIS goals. One plan lacked a documented review date; minor non-conformance noted.

In this example, the provider achieved conditional certification. They were required to submit a corrective action plan addressing the incident reporting knowledge gap and the missing review date within a specified timeframe set by the auditor. The Commission was notified of the outcome through the auditor's certification report.

How to prepare: a practical step list

Map your registration groups to the applicable Practice Standards modules — identify every standard that applies to your services, not just the core module.
Conduct a pre-audit gap analysis — compare each policy against the standard it is meant to meet. Check for missing notification timelines, absent authorisation pathways, and unsigned agreements.
Build a document register — create a master list of every policy, procedure, form, and record the auditor will request, with the version date and owner noted.
Run practice staff interviews — ask your workers the questions auditors ask. Gaps in knowledge become training priorities, not audit findings.
Prepare participants — ensure every participant understands their rights and the complaints process in a way that is accessible to them, and that this is an ongoing conversation, not a one-off form.
Check restrictive practice records — if any regulated restrictive practices are in use, verify each one has current authorisation documentation and has been reported to the Commission.
Address Stage 1 findings before Stage 2 — if your auditor identifies non-conformances at Stage 1, resolve and re-submit before the on-site visit wherever the audit timeline permits.

Providers seeking a head start on document preparation can access the 74-document audit-ready SIL compliance kit at ndiscompliant.com.au, which is structured to the NDIS Practice Standards and designed to address the most common Stage 1 and Stage 2 non-conformances.

Key points to remember

Stage 1 is about what you have written; Stage 2 is about what you actually do.
Non-conformances at either stage require a corrective action plan — they do not automatically mean registration is refused, but they add time and cost.
Under the strengthened Practice Standards framework, the Commission has placed increased emphasis on participant experience and worker knowledge, meaning Stage 2 carries greater weight than it once did.
Approved quality auditors are independent — preparing honestly for your own gaps is always more efficient than discovering them on audit day.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.