Provider spotlight

On this page:

A word on our Provider Spotlight...

The Provider Spotlight is not intended to be an endorsement of a provider's overall activities, but instead focuses on a particular incident or activity which the Commission believes may be beneficial to share, in the spirit of a community of practice.

On this page, we highlight instances of good practice, which come to the Commission's attention. It demonstrates a provider's approach to meet their obligations and deliver quality and safe supports and services. But, we also acknowledge that there are many and varied approaches a provider may wish to take, depending on the preferences of their participants and the market in which they operate.

Share with us! We invite providers to share approaches and innovations they've taken to amplify the voice of participants and uplift quality and safety. Let us know what you're doing by emailing Communications

Central Australian NDIS provider Veritable is using an innovative approach with videos, photographs and drawings to help participants better understand and engage with the services provided to them.

Veritable supports communities in and around Alice Springs (NT), Anangu Pitjantjatjara Yunkunyatjara Lands (SA) and Ngaanyatjarra Lands (WA), and many of their participants use English as a second language and have cognitive impairments.

Using software called ‘Loom’, they have produced videos in Pitjantjatjara and Western Arrernte to explain their service agreement in a conversational style, with the provider’s Director speaking in English and the interpreter in language.

These videos allow workers to introduce themselves to very remote participants who are considering a service agreement. This gives participants a sense of who will be coming to see them and whether they are the right ‘fit’ for them as a person.

Veritable also creates individualised behaviour plans and stories for some participants that include drawings of them in their community, which are created by an in-house artist.

The use of pictures helps break the ice with participants, who have responded positively to both the general and individualised resources. Importantly, Veritable recognises that what works for one person may not work for another, and they strive to be responsive to each person's needs.

NDIS workers have also provided positive feedback that the visual support plans are more accessible and they bring the person's needs to life, making the strategies simple and direct.

This creative approach has been welcomed by participants and workers alike. These outcomes demonstrate the importance of recognising each participant’s individual communication needs when creating plans and agreements, and upholding the participant’s right to choice and control in how their services are provided.

In May 2022, an unauthorised third party gained access to a cloud-based client management system from software and analytics supplier CTARS Pty Ltd (CTARS), used by some NDIS providers. The security breach exposed information, including personal details of NDIS participants.

Following the incident, the NDIS Commission initiated a compliance review to assess impacted providers' response against their obligations for managing information and participant privacy. We also published a Provider Alert with information for providers about preventing and managing data breaches.

Response from Griffith Post School Options

This provider sought legal advice to manage the data breach and clarify their obligations. They reviewed their privacy policy, participant consent form and data breach response plan, to comply with Australian privacy laws and ensure they're prepared should anther data breach occur. 

Additionally, the provider: established a team responsible for assessing, reviewing and handling future data breaches; reviewed and updated their IT security measures, including introducing a more robust file backup system and two-factor authentication for some systems; and, arranged cyber-security training for their staff.

Griffith Post School Options also individually notified impacted NDIS participants of their breach, using their preferred communication method.  This notification included the public statement issued by CTARS on the breach, the types of information and details which may have been exposed, actions they were taking in response, and contact details for further enquiries. When asked, Griffith Post School Options helped participants understand what information is stored in their CTARS profile and provided a printout of the information.

Griffith Post School Options also posted a news article on their website, as an additional communication.

Finally, Griffith Post School Options maintained regular communication with CTARS, to stay up to date on the breach, and arranged a face-to-face visit to review the functions and security of the CTARS system.


The provider delivered a well-considered approach including:

  • ensuring strong communications, to keep themselves and participants informed
  • taking the opportunity to learn from the experience and strengthen their information management approach.

Our compliance activity in relation to NDIS providers’ response to the CTARS data breach is ongoing. Providers are encouraged to refer to our Provider Alert for information about your obligations and other available resources to support this important area of service provision.

A Northern Territory NDIS service provider Carpentaria is taking proactive steps to ensure participants have annual comprehensive health assessments, leading to better health and quality of life outcomes.

The provider, which supports participants in central, remote and northern regions, uses the Comprehensive Health Assessment Program (CHAP) tool to guide their approach.

CHAP was developed by the Queensland Centre for Intellectual and Developmental Disability, and uses a questionnaire that documents the patient’s health history and provides the GP with prompts and guidelines relating to health issues.

The assessments involve a discussion and review of the participant's medical history, current health problems, medications, and lifestyle risks with their GP. The aim is to maintain or improve the participant's quality of life by addressing any and all health concerns. This includes facilitating appointments, helping participants understand their own health needs, and making informed health decisions.

In conjunction with using CHAP, the provider supports participants to attend appointments, arranges transport, manages support levels, communication needs, and guardian involvement with medical matters. By being proactive, the provider aims to prevent illness or chronic conditions and be responsive to all health needs identified for participants.

The benefits of the annual health checks have been significant, with some participants having serious diseases and illnesses identified that may have remained undetected. Treatments have been actioned and the provider is continuing to address risks of health problems for people with disability in an ongoing manner with follow up specialist appointments, recommended health plans and reviews. A review of the use of medication in several participants' plans also led to changes in their healthcare support by the provider.

This highlights the importance of annual health checks for people with disability to ensure that they receive quality supports. By reviewing processes and procedures to embed the practice of annual health checks for all participants, this provider has improved their practice and service while safeguarding those participants.  

For more information, see our Practice Alert on Comprehensive Health Assessments.

Noah’s Ark is an early childhood intervention provider covering Victoria, NSW, and ACT that offers a range of services to children aged 0-12 years at home, in educational settings, in community activities or online, enabling them to practise real-life skills in the context they will be used.

Under their key worker model, each family is allocated a main therapist or education specialist who shares their discipline-specific expertise and broad developmental knowledge, and works collaboratively with other professionals to help the participant reach their goals.

Children and families value the opportunity to work closely with one team member and welcome the model which ensures relevant information is shared by their main provider with other professionals, so that the family does not have to explain their circumstances to multiple different workers. This means that therapy sessions are targeted to their specific needs, and avoids duplicating other processes.

Noah’s Ark liaised with international providers to develop robust and effective ways to support key workers through supervision, case consultation, joint visits and team meetings, including developing comprehensive practices to ensure that children and families receive access to the support they need to achieve their goals.

During the implementation of this model, it is important to recognise that key workers are different from case managers, and that as specialist teachers, occupational therapists, speech pathologists, physiotherapists and psychologists, they bring their expertise into every interaction they have with children, families, and other stakeholders.

From the provider’s perspective, staff appreciate the opportunity to work closely with families and other professionals, learn from one another, and consolidate their knowledge of child development to provide a high-quality service that promotes choice and control.

Overall, Noah’s Ark’s approach affirms the participant’s right to receive safe and quality services that empower the child, their family and personal development.

By engaging with participants, families, and staff, and collaborating with the NDIS Commission, Victorian provider Yooralla is ensuring transparency, accountability, and continuous enhancement of its incident management processes.

With more than 2000 staff supporting people of all ages and needs across Melbourne and regional Victoria, it is critical that Yooralla's incident reporting processes prioritise participant safety and aim to prevent future incidents by addressing underlying causes and implementing systemic improvements.

Yooralla is committed to continuously improving its incident management process, and has developed guiding principles for responding to victim-survivors of abuse through collaboration with people with disabilities, their families and survivors of abuse.

These principles focus on acknowledging vulnerability, adopting trauma-informed responses, and facilitating settlements through non-adversarial processes.

The organisation's trauma-informed approach, guided by principles for responding to victim-survivors of abuse, has been well-received by participants and families alike.

Additionally, the organisation is implementing a “just culture” approach, with the goal of creating a safe space to speak up, and organisational accountability to listen, understand and address the organisational and systemic factors that influence behaviour.

Yooralla uses a comprehensive incident management system called RiskMan to track and report incidents and has a dedicated staff member in its Quality and Safeguarding Division who oversees this.

Investigations are conducted by experienced Group Managers, Yooralla's internal investigator, or, when necessary, an external investigator. Throughout the investigation process, participants and families are kept informed according to agreed-upon communication plans.

All providers have obligations under the NDIS Code of Conduct to manage incidents effectively, and registered providers have additional responsibilities per their conditions of registration.

For more information on developing or improving your incident management systems: