Getting started
The NDIS registration checklist The whole registration journey as a tick-as-you-go list, following the same path as our DIY registration guide - from checking you are suitable, through setting up your business, tailoring every document, building your evidence and passing your audit. Each step links to its full detail in the guide. Tick things off as you do them. It is a map you work through, not a guarantee of registration.
Most tasks apply to everyone. Ones marked Certification only apply if your supports put you on the deeper certification pathway ; ones marked Qualified review should be checked by a suitably qualified person.
Create a free account to save your progress. Your ticks are kept in this browser for now - make an account and they save to your account, so you can pick up where you left off on any device.
Step 0 - Are you ready and suitable to register? Before anything else, check that you and your key people are fit and suitable to run an NDIS service, lock your legal entity, and pin down your scope. Check all 0/20 Full detail for this step in the guide List your key personnel - the people who control or run the business (a sole trader is just you; a company is its directors and key decision-makers) The Commission assesses each of them for suitability. Check honestly that no key person has undisclosed bankruptcy or insolvency history Check honestly that no key person has relevant criminal history or indictable offences Check honestly that no key person has banning orders, prior refusals, cancellations or adverse compliance history Identify any conflicts of interest for your key people and confirm they are manageable Be ready to show real experience and capability to govern the supports you are applying for Disclose any past insolvency, criminal or enforcement history honestly, and get advice before applying if you have any Non-disclosure is itself a ground for refusal; giving false or misleading information is a civil penalty and a criminal offence. Gather, for each key person: qualifications and certificates, a Working With Children Check where relevant, an NDIS worker screening clearance, and 100 points of ID Have these on file and matched to the names in your application and on the portal. Decide your legal entity: sole trader vs company A company separates personal liability but costs more; a sole trader is cheapest and quickest. This is the entity that gets registered. If a company: register the ACN, ABN, a business name if you trade under one, and a bank account in the company name, and keep ASIC officeholder details current Make sure the same legal entity matches your ABN, business name, insurances, service agreements, worker contracts, invoices and bank account Mismatches cause audit and payment problems later. Keep AHPRA registration and professional-association membership in the individual practitioner file, not the business entity file These usually belong to the individual; link the practitioner to the provider via an employment, contractor or sole-practitioner arrangement. Write down the supports you will actually deliver and confirm none quietly cross into a supplementary-module area Check your scope against the danger list: medication, mealtime or swallowing risk, bowel care, diabetes or seizure management, behaviour support plan implementation, locked doors or restrictive practices, early childhood early-intervention, child-related work, transport in a worker car, overnight or sleepover Qualified review If any apply, you may need extra evidence or a different module - get advice first. For allied health: name at least one appropriately qualified practitioner and have their evidence ready before applying for 0128 Best practice is not to apply until you can show a qualified practitioner, or evidence of your capacity to engage one. Identify the exact registration or membership level your profession requires (AHPRA, CPSP, APD, AEP, AASW, RMT, etc.) against the Commission Qualifications and Professional Associations guide Several professions require more than membership - the right level plus experience, supervision and CPD. Confirm your profession matches the support you will bill (a physio bills physio items, not OT) Confirm you are applying for the correct group only and not straying into a separate group such as 0118 early childhood, 0110 behaviour support, or equipment/home-mod/prosthetics groups Adding any certification group to a verification application makes the whole audit certification. For children: confirm whether your work is ordinary profession-specific therapy (0128) or early childhood early-intervention / key-worker supports (group 0118, a separate certification pathway) A child getting OT/speech/physio is not automatically 0118; early-childhood intervention supports are. Confirm you are not delivering SIL or NDIS digital-platform services From 1 July 2026 those have mandatory-registration pathways and separate classes - out of scope for the standard guides. Step 1 - Preparation: lock your foundations Get your business, government access, insurances, screening and training in place - and save the evidence (screenshot, PDF or certificate) for each. Check all 0/24 Full detail for this step in the guide Confirm your registration groups in writing For the certification worked example these are 0107, 0117, 0125; for allied health it is 0128. Confirm whether your group mix is a certification audit (Stage 1 desktop plus Stage 2 on-site) or a verification audit (desktop only) Your overall audit type is the highest-risk of the groups you pick. For 0107: confirm your personal care is standard, not high intensity (PEG/tube feeding, ventilation, complex bowel or wound care, and often diabetes, seizure, dysphagia, catheter or injection support) Qualified review Certification only High intensity needs group 0104 plus the HIDPA module - extra evidence. Read and note the ongoing registration conditions the Commission imposes on personal-support providers like 0107 Certification only Extra safeguards for situations like a sole worker supporting a participant who lives alone. Register your ABN and business structure, matching the entity from Step 0 abr.gov.au Register a business name if you trade under a name that is not your own asic.gov.au Register for GST if your turnover requires it Get tax advice - GST treatment of NDIS supports is not automatic. Open a business bank account in the entity name Set up myID myid.gov.au Link and authorise your entity in Relationship Authorisation Manager (RAM) You use myID/RAM to access the NDIS Commission Applications Portal. authorisationmanager.gov.au Write a one-page scope of what you actually do (personal care, community access, transport, home visits, lone work, telehealth, paediatrics, assessments) and give it to your broker Keep the quote and email trail as evidence. Take out public liability insurance with a certificate of currency naming your legal entity Common market expectation is around $10-20m; match it to your real service risks and confirm with your broker. Take out professional indemnity insurance covering the discipline or supports you actually deliver Auditors generally require PI even for support-work-only delivery; for allied health it must cover the exact discipline. Ask your insurer or broker to confirm in writing that cover extends to how you actually work (subcontractors, telehealth, home visits, paediatrics, assessments and reports, therapy assistants) A certificate that just says allied health may not be enough if exclusions do not cover your model. If you use contractors, confirm in writing whether your PI covers contractor-delivered services or whether each contractor needs their own Take out accident / personal accident insurance as required by the Verification Module required-documentation list and your business structure Sole practitioners often confuse this with workers comp and public liability. Arrange workers compensation cover once you employ workers, per your state or territory scheme Some states have a small-wages threshold; check your state regulator before you engage anyone. If you employ no one (or are under the wages threshold), get a certificate of exemption or non-liability from your state scheme An auditor wants to see either workers-comp cover or proof you are exempt. Build a short Risk-Assessed Role Register listing which roles are risk-assessed and why Use the Commission worker-screening guidance to decide what counts as a risk-assessed role. Get a cleared NDIS Worker Screening Check for yourself and everyone in a risk-assessed role, and record each clearance ID and expiry A police check alone is not enough. If you need to check or link clearances before registering, apply for NDIS Worker Screening Database access through the Applications Portal as an unregistered provider Once approved, link and check your key personnel and workers, confirm status and expiry, then lodge. Set up a process to stand someone down immediately if their screening is suspended or excluded Complete the NDIS Worker Orientation Module (Quality, Safety and You) yourself, have your workers complete it, and keep the certificates training.ndiscommission.gov.au Confirm your document pack is available and your record system is set up and you can log in Step 2 - Build and tailor your document foundation Generate every document pre-filled, then tailor each one to how you actually operate - generic, untouched documents are the number one reason providers struggle at audit. (Tick off each individual document in the section below this one.) Check all 0/30 Full detail for this step in the guide Write a one-page Operating Model first: who owns the business, who manages delivery, who handles complaints and incidents, who rosters, who supervises, where records are stored, which supports are in scope, and which you explicitly do not offer Then tailor every document to that model. Decide and document who holds each role and responsibility (if you are a sole trader, that is you for every role) Decide on your secure record-keeping system / CRM and confirm it can hold participant files, worker files, registers, rosters, notes and an audit-readiness view Bluetail CRM is one option; any secure system that does this works. Tailor every policy and procedure to how you actually operate, replacing or deleting every red, highlighted prompt If any red text is left, it is not finished. Keep the fixed standard content as-is (the parts that restate the law or NDIS rules, e.g. the eight elements of the Code of Conduct) Do not reword fixed content. Add your-business content wherever a document describes a process, a person, a timeframe or a record This is the part the auditor is really reading. Wherever a policy says we record this, name exactly where (e.g. logged in the incident register in your CRM) So the auditor sees an unbroken thread from policy to evidence. For every policy, work out the matching procedure, form, register, reviewer, review frequency and close-out record A policy pack is a promise; an audit pack is the proof you kept it. Title any document that covers both the rules and the steps as a policy and procedure Give the Governance, Continuous Improvement, Risk, Incident, Complaints, Records, Conflict of Interest and participant-facing policies the most attention They carry the most process and record detail. Write a one-line Scope of Supports / Service Delivery Statement Tailor your Lone Worker Policy and procedure to your one-to-one work Certification only Important for 0107/0125 one-to-one support. Tailor your Transport & Vehicle Policy to your community-access work Certification only Important for 0125 community access. Back your Training & Development Policy with a Training Register that logs every worker training and refresher due-date (including CPR and First Aid) Prepare a Subcontractor Agreement and Subcontractor Compliance Checklist if you use contracted workers Tailor your Medication Management Policy only if your workers support medication Qualified review Tailor your Mealtime Management Policy only if you support mealtime or swallowing risk Qualified review Tailor your Restrictive Practices Policy only if you use regulated restrictive practices Qualified review Have your medication, mealtime and restrictive-practice policies reviewed by a clinically qualified person before you rely on them Qualified review A mistake here can seriously harm someone. If you support any participant whose behaviour support plan includes regulated restrictive practices, put the full consent and authorisation framework, procedures and staff training in place before any restrictive practice is used, and confirm you are registered for and audited against the relevant behaviour support module Qualified review Certification only Applying a restrictive practice without correct authorisation can be unlawful. This moves you out of standard scope. Write a short governance statement setting out who holds which responsibilities (sole traders included) Set up a backup or delegation arrangement (who covers you if you are away) Prepare an annual business / quality plan Plan to run quarterly governance review notes covering risks, incidents, complaints, feedback and improvements Prepare current conflict-of-interest declarations for your key people Build your Core Module (or Verification Module) evidence map connecting each standards area to the records that prove it Auditors think in outcomes proven by evidence, not policies on a shelf. Draft an example self-assessment line for each module area that names the policy, the record, the responsible person and the review For allied health, make sure your Incident Management Policy explicitly references the NDIS reportable incident categories and timeframes A generic incident policy is the classic verification fail. Add outcome measures to your Participant Support Plan / therapy plan template Make sure your Consent Form includes consent to therapy and to share clinical information for allied health clients Your 57 documents - tailor each one The document set from Step 2. Have you tailored each of the 57 to how you actually operate? Check all 0/57 Most need at least some tailoring. Each is a starting point pre-filled with your business details - read it, make sure it describes what you really do, and that you follow it in practice. The higher-risk ones (flagged) should be reviewed by an appropriately qualified person.
Governance & quality 0/8 Read and tailor your NDIS Code of Conduct & Worker Code of Conduct The 7 NDIS Code of Conduct obligations, adapted into your own worker code with a sign-off page. Read and tailor your Governance & Operational Management Policy How your business is run, who is responsible, and how you stay compliant. Read and tailor your Continuous Improvement Policy How you review and improve your services over time (a Practice Standards requirement). Read and tailor your Risk Management Policy & Framework How you identify, assess and manage risks to participants, staff and the business. Read and tailor your Emergency & Business Continuity Plan How supports keep running through emergencies, disasters and disruptions. Read and tailor your Quality Improvement Plan (annual) Annual planning template covering priorities, measures, owners and review schedule. Pairs with the Continuous Improvement Policy. Read and tailor your Stakeholder Feedback Survey Feedback from the people and services you work alongside (support coordinators, other providers, allied health, families/carers). Continuous improvement expects feedback from a range of sources, not only participants. Read and tailor your Financial Management Policy Financial governance, budgeting, viability and continuity, NDIS claiming integrity, fraud controls and insurance - the Governance “Financial Management” standard.
Policies & procedures 0/15 Read and tailor your Privacy & Confidentiality Policy How you collect, store, use and protect participant and staff information. Read and tailor your Incident Management Policy & Procedure How you record, respond to and report incidents, including NDIS reportable incidents and their timeframes. Read and tailor your Complaints & Feedback Management Policy How participants raise complaints and give feedback, and how you respond. Read and tailor your Work Health & Safety (WHS) Policy Your duty of care and safe-work approach for staff and participants. Read and tailor your Infection Prevention & Control Policy Hand hygiene, PPE and outbreak measures. A worker training requirement under the Standards. Read and tailor your Records & Information Management Policy How you keep, secure and retain records. Read and tailor your Conflict of Interest Policy Identifying and managing conflicts so participant choice isn’t compromised. Read and tailor your Worker Supervision Policy How you supervises workers: frequency, what supervision covers, and how concerns are handled. Read and tailor your Transitions Policy Planned and unplanned transitions in, out and between supports, including continuity of supports. Read and tailor your Communication & Information Accessibility Policy Easy Read, interpreters, Auslan, AAC and other accessible-communication arrangements. Read and tailor your Transport & Vehicle Policy Safe transport of participants: licences, vehicle registration and insurance, restraints, transfers, and what to do after a breakdown or accident. Read and tailor your Data Breach Response Plan The four steps (contain, assess, notify, review) under the Notifiable Data Breaches scheme - which applies to you because you handle health information. Read and tailor your Lone Worker Policy & Procedure Check-in system, missed-check-in escalation and personal safety for workers supporting participants one-to-one in homes and the community. Read and tailor your Open Disclosure Procedure How you communicate openly and honestly with a participant after something goes wrong. Pairs with the Incident Management Policy. Read and tailor your Social Media & Online Conduct Policy Protecting participant privacy online, image consent, professional conduct and boundaries on social media.
Working with participants 0/13 Read and tailor your Participant Rights, Dignity & Safeguarding Policy Rights, choice, dignity of risk, and protection from abuse, neglect and exploitation. Read and tailor your Service Access & Intake Policy How you take on (and, where needed, decline or exit) participants fairly. Read and tailor your Service Delivery & Support Planning Policy Person-centred support planning, delivering supports day to day, and reviewing them - the gap between intake and an ongoing service. Read and tailor your Participant Service Agreement (template) The agreement between you and each participant: supports, costs, cancellations, rights, ending the agreement. Read and tailor your Participant Consent Form Consent to provide supports and to collect/share information. Read and tailor your Participant Handbook / Welcome Pack Plain-language pack the participant gets at intake: rights, complaints, emergency contacts and what to expect. Read and tailor your Participant Feedback Survey A short, plain-language survey you send participants (e.g. yearly) to ask how things are going. The evidence behind continuous improvement: ask, record what you hear, and show what you changed. Read and tailor your Participant Money & Property Policy Cash handling, cards, valuables, keys, gifts, and how to respond to suspected financial abuse. Read and tailor your Participant Intake & Assessment Form Captures a new participant’s details, goals, health/communication needs and an initial risk screen before supports begin. Read and tailor your Participant Risk Assessment The per-participant risk assessment auditors expect on file - risks, ratings, controls and review, with dignity of risk respected. Read and tailor your Participant Support Plan (template) Person-centred plan built with the participant: goals, the supports you’ll provide, how they like them delivered, risks and review. Read and tailor your Progress Notes (template + guidance) The day-to-day support record, with guidance on writing factual, person-centred notes that an auditor would accept. Read and tailor your Individual Emergency Plan Per-participant emergency plan developed with the participant: their needs in an emergency, what to do, and how critical supports continue.
Staff & employment 0/10 Read and tailor your Human Resources, Recruitment & Screening Policy Recruiting, screening (incl. NDIS Worker Screening), training and supervising staff. Read and tailor your Training & Development Policy Induction (incl. the NDIS Worker Orientation Module), role-specific and mandatory training, and keeping worker skills current. Read and tailor your Casual Employment Agreement (template) A casual contract you can issue to support workers. Read and tailor your Part-Time Employment Agreement (template) A part-time contract template. Read and tailor your Full-Time Employment Agreement (template) A full-time contract template. Read and tailor your Position Description: Support Worker A ready-to-use support worker role description. Read and tailor your Offer of Employment Letter (template) A conditional offer letter that precedes the Employment Agreement - makes the offer subject to NDIS Worker Screening, references and right to work. Read and tailor your Confidentiality & Privacy Agreement (worker-signed) A worker undertaking to keep participant and business information confidential, during and after employment. Backs the Privacy & Confidentiality Policy. Read and tailor your Employee Details & Onboarding Form Collects new-starter details, bank/super/TFN declaration prompts, emergency contact and qualifications. Read and tailor your Worker Induction (presentation) A ready-to-run induction session for new workers - branded cover page, what your organisation does, and every standard a new NDIS worker needs (Code of Conduct, safeguarding, incidents, privacy, WHS) with a sign-off page. Edit the highlighted parts for your organisation.
Registers & forms 0/8 Read and tailor your Incident Register The single log of all incidents (incl. reportable ones) with follow-up and status, so incidents can be tracked and trended - not just recorded one-by-one. Read and tailor your Incident Report Form A form your staff fill in when an incident happens. Read and tailor your Complaints & Feedback Register A log to track complaints and how they were resolved. Read and tailor your Risk Register A log to record risks, ratings and controls. Read and tailor your Conflict of Interest Register Logs declared conflicts, how each is managed, and disclosure to the participant - the evidence behind the Conflict of Interest Policy. Read and tailor your Restrictive Practices Register Logs each use of a regulated restrictive practice under an authorised behaviour support plan, for monthly Commission reporting. For providers who use restrictive practices. Read and tailor your Staff Record & Compliance Checklist Tracks each worker’s screening, qualifications, orientation module and training. Read and tailor your Complaint Letter Templates (acknowledgement + outcome) Two ready-to-send letter templates pairing with the Complaints Policy.
Specialised supports (only if you provide these) 0/3 Only if you deliver these supports.
Read and tailor your Medication Management Policy Qualified review Levels of medication support, the "five rights", recording every dose, storage and what to do when an error happens. Read and tailor your Mealtime Management Policy Qualified review Mealtime risk and dysphagia, mealtime plans, modified diets, choking response and enteral feeding (HIDPA). Read and tailor your Restrictive Practices Policy Qualified review The 5 regulated restrictive practices, when use is permitted, monthly Commission reporting, and the 24h-vs-5BD timeframes for unauthorised use. Step 3 - Set up your record system: enter your data Put your business into your record system so your evidence has a home from day one. You do not need participants or even workers to apply, but enter whatever you have. Check all 0/38 Full detail for this step in the guide Enter your business details, ABN and logo into the record system Set user access levels controlling who can see participant files (clinical notes are sensitive health information) Set a password and MFA rule Set up a backup and export process Set up your data-breach process and your retention/archive process Upload your insurance certificates PI and public liability (and accident for allied health). Create and populate your Incident Register and Incident Report Form Create and populate your Complaints & Feedback Register Create and populate your Risk Register Create and populate your Conflict of Interest Register Create and populate your Continuous Improvement Register and Corrective Action Register Certification only Create and populate your Data Breach Register Certification only Create and populate your Training Register, Supervision Register and Worker Screening Register Create and populate your Staff Record & Compliance / Currency tracker (registration, screening, orientation, PI expiry, CPD) Create and populate your Policy review register, with last-reviewed and next-due dates for each policy Create a Restrictive Practices Register only if applicable Qualified review Create your CPD / Supervision register Central to an allied-health audit. For each worker, file their Worker Screening clearance and role risk assessment For each worker, file their Orientation Module certificate For each worker, file their signed Code of Conduct, Employment Agreement, Position Description and Confidentiality Agreement For each worker, file proof of identity, right to work, completed reference checks and qualifications For each worker, file first aid/CPR, WWCC if children may be supported, and driver licence plus comprehensive car insurance if they transport participants For each worker, file policy acknowledgement, induction checklist, skills/availability and training plus supervision dates For each worker, file role-specific training evidence: infection prevention and control, PPE use, manual handling/personal-care training for 0107, transport/community-access and lone-worker training for 0125, plus refresher dates Give each subcontractor their own file with their agreement, their own public liability and professional indemnity, screening and qualifications They cannot work under your insurance umbrella and are not filed as employees. For each practitioner (including yourself if qualified), file current AHPRA registration or professional-association membership at the right level Treat practitioner evidence as the spine of the whole allied-health audit. For each practitioner, file professional indemnity covering their discipline For each practitioner, file qualifications, CPD records, clinical supervision arrangement, scope of practice, discipline/specialties, availability and an expiry tracker For each practitioner or worker providing direct hands-on supports, file infection prevention and control refresher and PPE training evidence Confirm therapy assistants only deliver a therapist-designed program under documented delegation and supervision, at the correct Level 1 or Level 2 per the current PAPL They do not assess, diagnose, set goals or change plans. For each participant, file the signed Service Agreement and Consent Form, noting any consent limits or expiry Include consent to therapy and to share clinical information for allied health. For each participant, file the Intake & Assessment Form and Risk Assessment (participant, plus home or site where you deliver supports) For each participant, file a person-centred, goal-based Support Plan and Individual Emergency Plan For a participant you already support, file their Progress Notes to date (factual, dated, attributed) For each participant, file decision-maker / nominee / guardian details and communication, cultural and language needs For each participant, file transport consent and risk assessment if you do community access Certification only For each participant, confirm the Handbook / Welcome Pack was given, record NDIS plan details and how it is managed (plan/self/agency), and set up a goal-review and exit/transition plan For each allied-health participant, build the clinical file minimum: referral or source of request, consent, assessment findings, goals linked to their plan, therapy plan, session notes, review and outcome measures, risks, key communications, and discharge/transition summary where relevant Step 4 - Run the service and build the evidence This is the phase auditors care about most - proof you actually do what your policies say, with every support leaving a record. Check all 0/15 Full detail for this step in the guide Operate honestly as an unregistered provider: never call yourself NDIS-registered, and do not deliver supports that legally require registration Be honest with participants that you are not yet registered (it affects plan-managed/agency-managed funding). Write progress / shift / clinical notes for every support, factual, person-centred, dated and attributed to the author Log every incident in the Incident Register with follow-up Lodge an Immediate Notification Form within 24 hours of becoming aware for a death, serious injury, abuse or neglect, unlawful sexual or physical contact or assault, sexual misconduct, or an unauthorised restrictive practice that caused harm Qualified review Treat these timeframes as hard deadlines. Lodge a 5 Day Form within 5 business days of becoming aware, with detail and actions taken Qualified review For an unauthorised restrictive practice that did not cause immediate harm, the 5 Day Form is the only form required. Run your incident system internally even before registration and record what would have been reportable Reportable-incident notification obligations formally apply once registered, but the system must be genuinely set up. Report anything serious or unlawful (abuse, neglect, assault, sexual misconduct, a death) to the right authorities (police, child protection, the coroner) and to the participant or their decision-maker, registered or not Qualified review The reportable-incident forms are not the only obligation; the Code of Conduct still binds you. Log every complaint and piece of feedback in the Complaints Register and close it out Record worker supervision, training, continuous improvement and policy reviews as they happen Record clinical supervision and CPD as it happens For allied health. Make sure records are dated and identify the author, and that corrections never delete the original history Especially important for clinical notes. Make sure incidents and complaints link to corrective actions, feedback links to continuous improvement, and risks link to reviews If you have no participants yet, build system-readiness evidence by walking a mock incident and mock complaint through your registers, clearly labelled as a drill, never as a real participant record Auditors do not assess mock participant records; they rely on your tailored policies, registers and your answers. For allied health with no clients yet, also prepare an internal review against the Verification Module, a de-identified sample assessment/therapy plan, and your own supervision and CPD records, and ask your auditor in writing whether they will accept it System-readiness evidence is not the same as real implementation evidence and does not guarantee registration. Decide whether to onboard a participant before the first audit to reach full certification in one Stage 2 rather than two Certification only With no participants you go through Stage 2 twice and pay the auditor for that stage twice. Step 5 - Apply on the NDIS Commission portal Only open the portal once you are ready - the application is deleted if you do not complete it within 60 days of starting. Check all 0/11 Full detail for this step in the guide Finalise everything before you open the portal: ABN and legal entity, business name, working myID/RAM, key-personnel details, confirmed groups, service locations, drafted self-assessment, policy index and evidence map, insurance certificates, worker-screening status, and an auditor shortlist Log in via myID/RAM to the NDIS Commission Applications Portal The person completing it needs authority for the legal entity through RAM. Enter organisation details, business structure, places of operation and key personnel As a sole trader, that is you. Select your registration groups e.g. 0107, 0117, 0125 for certification, or 0128 only for allied health - confirm you are not also picking 0118/0110. Complete the self-assessment against the relevant Practice Standards module Core Module for certification; Verification Module for allied health. Write each self-assessment answer to the formula: what we do + where the evidence is (name the document or record) + who is responsible + how it is reviewed Keep a copy or PDF of every self-assessment answer you submit Disclose suitability information for key personnel (bankruptcies, convictions) as identified in Step 0 Draft concise, evidence-based answers offline first, then fit them to the portal answer-length limit Do not paste generic or purchased wording you cannot stand behind. Submit the application within 60 days of starting Read the Initial Scope of Audit email the Commission sends and confirm it shows the correct audit type, groups and standards If the scope looks wrong, sort it out with the Commission before paying for audit work. Step 6 - Engage an auditor and pass Stage 1 (desktop) Shortlist auditors before you apply and formally engage one after your Initial Scope of Audit; the desktop review comes first. Check all 0/11 Full detail for this step in the guide Get written quotes from several Approved Quality Auditors (AQAs), broken down by Stage 1, Stage 2, report writing, travel, GST, corrective-action review and any reschedule or cancellation fees Verification is commonly around $900-$1,800; certification costs more. These are market figures, not regulated fees. Ask each AQA the key questions: can Stage 2 be remote or hybrid; how they sample workers and participants and whether they interview participants; how the provisional outcome and follow-up Stage 2 work if you have no participants; their timeline to Stage 1, Stage 2 and final report; and who uploads what, where, in what file structure and naming Do not simply pick the cheapest quote A lower price does not mean a better audit; a good auditor earns their fee by finding the gaps that make your systems safer. Add the Auditor Relationship in the portal and plan the audit Hand the auditor a Stage 1 pack: Initial Scope of Audit, your groups, an org chart and key-personnel list, insurance certificates, your policy index and evidence map, your registers, and sample worker and participant files (or your tailored, ready system if you are new) Pass the Stage 1 (desktop) review against the Core Module and fix any gaps before Stage 2 Certification only For allied health, submit your documents and records for the desktop verification review and fix and resubmit anything the auditor flags There is no on-site visit. If the auditor raises a minor non-conformity, write a corrective action plan (usually within about 7 days) and fully address it within the audit cycle Three or more minor non-conformities in the same module can be treated as a major. If the auditor raises a major non-conformity, rectify it through a follow-up audit (generally within about three months) If you do not, it can lead to a non-recommendation. Write the corrective action plan yourself, with evidence to close each finding, for the auditor to accept The auditor recommends; the Commission decides. Check yourself against the common Stage 1 failure points: untailored templates, policies describing things you do not do, missing register evidence, no risk-assessed-role logic, insurance not matching your legal entity, company or trading-name mismatches, no governance evidence for a sole trader, and self-assessment answers not linked to evidence Step 7 - Stage 2 (on-site) and audit readiness For certification, Stage 2 should happen within 3 months of Stage 1 and is far more than show files; for verification, this is your final audit-readiness pass before the desktop review. Check all 0/17 Full detail for this step in the guide Ask who the auditor wants to interview and confirm staff availability Certification only Tell participants about the interviews and their right to opt out, and record consent or opt-out Certification only Participants are included by default unless they opt out. Prepare a private space or video link, and read-only access or screen-share to your records Certification only Nominate a physical business location as your primary place of operation, with secure, lockable storage and a shredder for records Certification only Stage 2 is usually held there or needs access to it. Be ready to walk the auditor through live examples: how a participant knows how to complain; a participant file from intake to support plan to progress notes; how you know workers are safe to work; what happens if a worker screening is suspended; an incident from report to close-out; how a risk changed and what you did; how you review your governance; and evidence participants were told about the audit and could opt out Certification only Be ready for the auditor to observe dignity, consent, privacy, infection control and manual handling for 0107, and community-access, transport safety, choice and money/property handling for 0125 Qualified review Certification only Confirm every policy is tailored and in use, and that you and your staff can explain it in your own words Confirm every worker file is complete: screening, orientation, signed Code of Conduct, agreements, training, supervision Confirm every participant file is complete: service agreement, consent, intake/assessment, risk assessment (participant/home/site), support plan with goals, emergency and disaster plan, progress notes, and invoicing/claim records Confirm your registers are live and current: incidents, complaints, risk, conflict of interest, continuous improvement Confirm continuous improvement and policy reviews are actually happening with dates, and insurances are current Confirm practitioner registrations (AHPRA or professional association at the right level) and PI plus public liability certificates are current and on file For allied health. Confirm your incident policy names the reportable categories and correct timeframes Make sure every document carries a version number and a last-reviewed / next-review date that matches your policy-review register Auditors read this as evidence of proper document control. Make sure every record is dated, signed and final Do not coach participants to give scripted answers - just make sure they know their rights, their service agreement and how to complain Do not hide incidents or complaints because they look bad A register with zero incidents or complaints from an operating provider looks unrealistic, not perfect. Step 8 - Decision, then keep it alive The auditor recommends, the Commission decides, and once your certificate issues the ongoing compliance rhythm never really stops. Check all 0/17 Full detail for this step in the guide Wait for the auditor to submit their report and recommendation to the Commission For verification, generally within about two weeks; for certification, longer. If the Commission leans toward refusing, respond to its invitation to provide more information first It may instead approve with conditions. When approved, check your Certificate of Registration carefully: legal entity, ABN, trading name, groups, conditions and expiry (three-year period) Until the certificate issues, you are not registered - do not describe yourself as registered before then. Confirm your registered-provider portal access and payment details Set up your claiming / billing process for plan-managed, self-managed and agency-managed participants For each participant, confirm whether they are NDIA-managed, plan-managed or self-managed, and that the support sits in their plan with a service agreement and consent Build a one-page billing cheat sheet from the current PAPL and Support Catalogue by saving the exact line items for direct therapy, report-writing/non-face-to-face, travel, cancellations, and therapy-assistant Level 1/2 (only if the PAPL allows each) Since 1 July 2025 therapy providers can generally claim up to half the relevant price limit for travel time, subject to caps - confirm in the current PAPL. Review every 1 July. Update service agreements and marketing to reflect registered status Keep claim evidence for every claim: service agreement, consent, roster, progress note, invoice Run the monthly rhythm: review incidents, complaints, risks and safeguarding, and check worker-screening and insurance expiries Run the quarterly rhythm: governance review, risk review, continuous-improvement review, participant-feedback review and supervision review Run the annual rhythm: full policy-review cycle, internal audit, insurance renewal, business-continuity test, data-breach/privacy drill and WHS review Prepare for the mid-term audit (around 18 months in) from about the 12-month mark - it reviews governance and operational management plus prior corrective actions Certification only Certification providers only; verification has no mid-term audit. Start renewal prep around 24 months, engage an AQA by about 30 months, and complete the renewal audit before your 3 years are up Notify the Commission of material changes (key personnel, business structure, contact details) and any events affecting suitability Monitor and meet any conditions on your registration, and plan any out-of-cycle audit before starting a new service or adding groups Before advertising or billing a new discipline, ask the Commission or your AQA whether it is a notifiable significant change, Registration Variation or out-of-cycle audit. Keep an eye on NDIS reform and annual PAPL updates The documents, done for you to tailor The 57 documents in this checklist are the Bluetail pack: policies, agreements, registers and forms, pre-filled with your business details and editable in Word. Preview every page free, then unlock the lot for a one-off $50.
See the $50 pack This checklist is general information to help you prepare for NDIS provider registration. It is not legal or compliance advice, and it is not affiliated with the NDIS Commission or the NDIA. Steps and requirements change - confirm the current process with the NDIS Quality and Safeguards Commission, and get advice from an appropriately qualified person for your situation.
