6. Mandatory compliance requirements for registered NDIS providers (Residential Aged Care Toolkit)

What are the mandatory compliance requirements for registered NDIS providers?

There are a number of mandatory compliance requirements. These compliance requirements must be demonstrated through the registration certification audit, and on an ongoing basis.  

Compliance requirements are set out under conditions of registration under section 73F of the NDIS Act and include:

  • NDIS Practice Standards
  • Code of Conduct
  • complaints management and resolution
  • incident management and reportable incidents
  • worker screening
  • key personnel suitability
  • notifying changes or events

The NDIS Practice Standards 

For RAC providers, as for all providers seeking NDIS registration, the ‘Core Module’ of the NDIS Practice Standards will be assessed. 

The Core Module of the NDIS Practice Standards includes 24 standards grouped into four areas:

  • rights of participants and responsibilities of providers
  • governance and operational management
  • provision of supports
  • the support provision environment. 

Each NDIS Practice Standard is framed as outcomes for an NDIS participant.

Each NDIS Practice Standard includes a set of quality indicators. Quality indicators outline how NDIS providers demonstrate compliance. 

For more information about all NDIS Practice Standards and Quality Indicators, see NDIS Practice Standards.

Key things to note: 
1. Quality Indicators: NDIS providers are assessed against all the quality indicators within the core module except for three NDIS Practice Standards under the Support provision environment (although these are likely to apply to most RAC providers).

These are: 
a. medication – this is only applicable if providers are managing medication (i.e. administers medication to the participant).
b. mealtime management – this is applicable if providers are managing participants who require mealtime support/management.
c. waste – this is only applicable if the NDIS provider is managing waste, infectious or hazardous substances.

2. Evidence: Approved quality auditors will consider evidence against the Quality Indicators in assessing a provider’s conformity with the NDIS Practice Standards. However, the NDIS Commission does not expect all providers to have the same type and level of evidence. The NDIS Commission registration process and audits are ‘proportionate’, based on the size and scale of the provider and scope of supports delivered to NDIS participants. This means, for example, that a provider with large numbers of participants would be expected to demonstrate a different level of evidence than a provider with a small number of NDIS participants.

3. Evidence available through an aged care assessment may be used to demonstrate compliance with NDIS Commission requirements.


  1. Part E - Comparison of Aged Care Quality Standards and NDIS Practice Standards
  2. Part I – Evidence Guide.



6.2 The NDIS Code of Conduct

All NDIS providers must comply with the NDIS Code of Conduct.

NDIS Code of Conduct

  • act with respect for individual rights to freedom of expression, self-determination and decision-making in accordance with applicable laws and conventions
  • respect the privacy of people with disability
  • provide supports and services in a safe and competent manner, with care and skill
  • act with integrity, honesty and transparency
  • promptly take steps to raise and act on concerns about matters that may impact the quality and safety of supports and services provided to people with disability
  • take all reasonable steps to prevent and respond to all forms of violence against, and exploitation, neglect and abuse of, people with disability
  • take all reasonable steps to prevent and respond to sexual misconduct.

NDIS providers are responsible for:

  • applying the NDIS Code of Conduct 
  • supporting workers to understand and apply the NDIS Code of Conduct in the course of their daily work.

The NDIS Commission has a range of NDIS Code of Conduct guidance documents for providers and workers on its website. 

Online worker orientation and induction module ‘Quality, Safety and You’.

The online Worker Orientation Module 'Quality, Safety and You' is mandatory for all workers and key personnel involved in any registered NDIS service. 

This module is an interactive online course that explains the obligations of workers under the NDIS Code of Conduct – from the perspective of NDIS participants. 

It takes approximately 90 minutes to complete the four modules. Once completed, workers will receive a Certificate of Completion. Auditors will view certificates as part of evidence for complying with the NDIS Practice Standards for Human resource management.

6.3 Complaints management

NDIS providers are required to have an in-house complaints management and resolution system and will also need to comply with the NDIS (Complaints Management and Resolution) Rules 2018.

Key requirements for a complaints management system are that it:

  1. places the person with disability at the centre of the complaints process
  2. is proportional to the size, scale and scope of the provider
  3. is accessible 
  4. supports the person making the complaint 
  5. is well-managed 
  6. includes full documentation 
  7. is subject to regular review 
  8. keeps appropriate records
  9. has processes to learn from complaints 
How do NDIS complaints requirements compare to Aged Care requirements?
  • Many of the requirements are similar.
  • RAC providers are encouraged to practice open disclosure when a complaint is made or when things go wrong.
  • Under the NDIS Practice Standards and Quality Indicators for complaints management, workers providing NDIS s


Part E: Comparison between ACQS and NDIS Practice Standards and the Standards Comparison Tool
Detailed information on how to approach and resolve complaints can be found on the Complaints management page of the NDIS Commission website. 

6.4 Incident management and reportable incidents

NDIS providers are required to have an incident management system, to notify the NDIS Commission of reportable incidents, and comply with the NDIS (Incident Management and Reportable Incident) Rules 2018.

Key requirements for an incident management system are that it:  

  • has internal management and reporting arrangements in place that ensure all incidents (not just reportable incidents) are recorded
  • takes action to respond to incidents and prevent such incidents from happening again
  • is documented and readily accessible to all workers and participants.

What types of incidents need to be reported?

NDIS providers must report to the NDIS Commission serious incidents (including allegations) that occur in connection with the provision of supports and services, including: 

  • the death of an NDIS participant,
  • serious injury of an NDIS participant,
  • abuse or neglect of an NDIS participant,
  • unlawful sexual or physical contact with, or assault of, an NDIS participant, 
  • sexual misconduct committed against, or in the presence of, an NDIS participant, including grooming of the NDIS participant for sexual activity,
  • the unauthorised use of a restrictive practice in relation to an NDIS participant.
How do NDIS incident requirements compare to Aged Care requirements?
  • Many of the requirements are similar.
  • NDIS ‘Reportable Incidents’ are reported to the NDIS Commission, and Aged Care ‘Serious Incidents’ are reported to the Aged Care Quality and Safety Commission.
  • Under the NDIS Practice Standards and Quality Indicators for incident management, workers providing NDIS supports and services to NDIS participants must be trained in incident management procedures.


Detailed information is made available on the ‘Reportable incidents’ page of the NDIS Commission website.

6.5 NDIS Worker Screening

Registered NDIS providers are required to comply with NDIS worker screening requirements as per the NDIS (Worker Screening) Rules 2018, which ensure that NDIS workers in risk assessed roles hold a NDIS Worker Screening Check or an acceptable check under transitional arrangements. 

Risk assessed roles are:

  • key personnel roles
  • roles for which the normal duties include the direct delivery of specified supports or specified services to a person with disability
  • roles for which the normal duties are likely to require more than incidental contact with people with disability.

From 1 February 2021, RAC providers were required to ensure that workers (staff members and volunteers) in risk assessed roles have an:

  • acceptable aged care provider check in accordance with the requirements of the Accountability principles (which include a police check, and if necessary, a statutory declaration stating that the person has not been convicted of certain offences), or
  • acceptable check in accordance with state and territory transitional arrangements, or
  • NDIS Workers Screening check clearance.

Registered NDIS providers are required to keep detailed records on each worker in a risk assessed role.

More details are available at: NDIS participants in residential aged care | NDIS Quality and Safeguards Commission (ndiscommission.gov.au) 

6.6 Suitability of the provider and key personnel

Key Personnel are the individuals who hold key executive, management or operational positions in each NDIS provider, such as Managers, Chief Executive Officer, Company Directors, Board Members, or Chairperson.

All Key Personnel must be included in an application for registration with the NDIS Commission. This information will form part of the NDIS Commission’s suitability assessment. 

The suitability assessment includes looking at whether the NDIS provider or any of its key personnel have:

  • previously been a registered NDIS provider
  • had a banning order in place
  • any past convictions
  • been insolvent under administration
  • had adverse findings or enforcement action taken by any relevant authorities
  • been the subject of findings or judgement in relation to fraud, misrepresentation, or dishonesty
  • been disqualified from managing corporations and
  • any other information that the NDIS Commissioner considers relevant.

Further details of matters that the NDIS Commissioner must have regard to when considering suitability are set out in section 9 and 10 of the NDIS (Provider Registration and Practice Standards) Rules 2018.

The NDIS Commission can decide not to grant registration if any of these requirements have not been met.

6.7 Notifying any changes or events affecting NDIS providers registration to the NDIS Commission

Registered NDIS providers must let the NDIS Commission know through the NDIS Commission Portal of certain changes and events, especially those which substantially affect their ability to provide services to NDIS participants. This could include events/changes such as a:

  • significant shortfall in available workers or decrease in staff is expected
  • change in legal entity type/business structure.

Further details of the requirements for notifications to the NDIS Commission, including guidelines for providers, are available at Notice Changes and Events.

6.8 Worker obligations and related training

Anyone who is employed or engaged to provide NDIS support and services to an NDIS participant is considered a worker in the NDIS.

All providers and workers in the NDIS are covered by the NDIS Code of Conduct. Among other things, the NDIS Code of Conduct requires providers and workers to “provide supports and services in a safe and competent manner, with care and skill”.

Under the NDIS Practice Standards registered providers must also ensure NDIS participants receive supports and services from workers who are trained and competent to provide the relevant supports. 

  • The Worker orientation module (Quality, Safety and You) provides training for workers about the NDIS Code of Conduct from the perspective of people with disability and is mandatory for workers to complete under the NDIS Practice Standards. 
  • Other areas under the NDIS Practice Standards that require providers to ensure workers supporting NDIS participants are trained and comply with related requirements include: 
    • feedback and complaints handling 
    • incident management
    • infection prevention and control training, including the use of PPE
    • implementation of emergency and disaster management plans
    • management of medication (if relevant to supports)
    • mealtime management (if relevant)
    • management of waste and hazardous substances (if relevant to supports).                          

The NDIS Commission has also made available other training for workers. This includes online Induction Modules (not mandatory), that provide specific information on:

  • disability awareness
  • privacy and confidentiality
  • safe workplace
  • NDIS Code of Conduct and Dignity of risk
  • incident management
  • know the person
  • risk identification and management
  • management of challenging situations
  • reduction and elimination of restrictive practices, including implementation of strategies in behaviour support plans.

Other available online training includes ‘Supporting Safe and Enjoyable Meals’ and ‘Supporting Effective Communication’. 
Information about all available NDIS Commission online training modules is available on our Worker training modules and resources page.