The NDIS Practice Standards set the benchmark for quality and safety that registered NDIS providers must meet. Developed under the National Disability Insurance Scheme Act 2013 and enforced by the NDIS Quality and Safeguards Commission, these standards apply to all registered providers and are assessed through certification and verification audits depending on registration groups.

The standards are organised into a core module, which applies to all registered providers, and supplementary modules that apply depending on the types of supports and services delivered. Together they form eight distinct modules. Understanding which modules apply to your organisation is the first step toward meaningful compliance, as applying resources to irrelevant modules wastes time and creates noise in your compliance program.

Each module contains a set of outcomes, with each outcome supported by quality indicators. Your organisation must demonstrate that it meets these indicators through documented evidence, observable practices, and participant feedback. The standards are deliberately outcome-focused rather than prescriptive, meaning providers have flexibility in how they achieve compliance but must clearly demonstrate the results.

The Rights and Responsibilities module sits at the heart of the standards framework. It requires providers to demonstrate that participants are treated with dignity and respect, that their rights are upheld, and that they are supported to exercise choice and control. This module covers person-centred planning, privacy and dignity, independence and informed choice, and violence, abuse, neglect, exploitation, and discrimination prevention.

Providers must show that participants are actively involved in decisions about their supports, that their privacy is protected in accordance with the Australian Privacy Principles, and that robust safeguards exist against harm. Evidence typically includes participant service agreements, feedback mechanisms, accessible information about rights, and documented processes for responding to rights concerns.

Governance and Operational Management requires providers to demonstrate sound business practices, effective leadership, and organisational capability to deliver safe, quality supports. This module covers governance and operational management, risk management, quality management, information management, and feedback and complaints management.

The Commission expects providers to maintain a governance structure with clear accountabilities, a risk management framework that identifies and mitigates service delivery risks, a quality management system that drives continuous improvement, secure information management practices, and an accessible complaints process. For many providers, this module is the most operationally demanding because it underpins every other aspect of compliance.

Module 3 (Provision of Supports) addresses how services are delivered, including access to supports, support planning, service agreements, safe environments, and transitions. Module 4 covers the support delivery environment, addressing the physical and operational settings where supports occur, including facilities, emergency and disaster management, and human resource management including training and worker screening.

Module 5 encompasses several supplementary modules that apply to specific registration groups. These include High Intensity Daily Personal Activities, Specialist Behaviour Support, Implementing Behaviour Support Plans, Early Childhood Supports, and Specialist Disability Accommodation. Each supplementary module adds requirements on top of the core standards. For example, the Specialist Behaviour Support module requires practitioners to hold specific qualifications and to develop, review, and report on behaviour support plans within prescribed timeframes.

Module 6 (Restrictive Practices) applies to providers who use or may need to use regulated restrictive practices. It requires authorisation, reporting, and reduction strategies for each type of restrictive practice: seclusion, chemical restraint, mechanical restraint, physical restraint, and environmental restraint. Providers must demonstrate that restrictive practices are only used as a last resort, are authorised in accordance with state or territory legislation, and are subject to ongoing monitoring and reduction efforts.

Module 7 (Incident Management) requires providers to have a system for identifying, recording, managing, resolving, and learning from incidents including reportable incidents under the SIRS (Serious Incident Response Scheme). Module 8 builds on the complaints framework in Module 2, requiring providers to demonstrate that participant feedback is actively sought, that complaints are resolved in a timely manner, and that systemic issues are identified and addressed through continuous improvement.

Mapping all eight NDIS Practice Standards modules to operational controls, evidence requirements, and task ownership is a significant undertaking. FormaOS streamlines this by providing pre-built NDIS framework packs that link each quality indicator to a control, assign ownership, schedule evidence collection, and track compliance health in real time. This ensures that no module is neglected and that audit readiness is maintained continuously.