I've sat with a lot of providers who were caught off-guard at audit. Not because they weren't doing good work. Not because their workers were undertrained. But because nobody had ever clearly explained what the NDIS Practice Standards actually demand of a training program, and so the evidence trail was a mess, or it was missing entirely, or it existed but couldn't be produced in the room in time to matter.
That's a fixable problem, and it's the whole reason this guide exists. So let's go through the Standards properly: what they are, what they expect from you on training, how auditors actually assess it, and what strong training evidence looks like in practice.
What the NDIS Practice Standards are (and what they're not)
The Practice Standards are a set of quality and safety requirements every registered NDIS provider must meet, established by the NDIS Quality and Safeguards Commission. They form the basis of every certification and verification audit across Australia.
They're not a script. They're not a training catalogue. They're a framework of quality indicators, and your job is to decide how you'll meet them given the specific people you support, the supports you deliver, and the workforce you have. That distinction matters enormously, and most providers don't fully clock it until an auditor asks them to explain their reasoning rather than just show their completion records.
The Standards are organised into two layers:
| Module type | Who it applies to | What it covers |
|---|---|---|
| Core modules | All registered providers | Rights and responsibilities, governance and operational management, the provision of supports, support provision environment |
| Specialist modules | Providers delivering higher-risk or specialist supports | High-intensity daily personal activities, specialist behaviour support, early childhood supports, specialist disability accommodation, and others depending on registration |
Your registration groups determine which modules apply to your organisation. If you're unsure, your registration schedule from the Commission will tell you. The point is that "meeting the Standards" doesn't mean the same thing for every provider, and a training program built for one service won't automatically satisfy the obligations of another.
What the Practice Standards actually require for training
Here's the thing providers get tripped up on: the Practice Standards don't give you a course list. They set quality indicators, and then they expect you to work backwards from those indicators to figure out what training your workforce needs to meet them.
Let me give you a concrete example of how that works. One of the quality indicators under the core module on provision of supports requires that workers have the knowledge and skills to deliver the supports in a person's plan competently and safely. An auditor isn't going to ask whether you ran a specific course. They're going to ask: you support someone with a complex communication profile and severe dysphagia, so how did you make sure the worker assigned to them was trained for both of those things before they started? What's your evidence?
If the answer is "they did the Worker Orientation Module and a general induction," that's not going to be enough. The orientation module is mandatory and foundational, but it covers the Code of Conduct, not condition-specific competency. You need to be able to show the full picture.
So in practical terms, the Practice Standards expect your training program to do four things:
- Be needs-driven. Training choices should be traceable to the actual needs of the people you support and the specific risks in your service. Generic training for every worker regardless of what they do is not what the Standards are looking for.
- Be role-specific. A community access worker, a SIL worker, and a specialist behaviour support practitioner have different knowledge and skill requirements. Your training program should reflect that difference.
- Be documented with reasoning. You need to be able to explain why you chose the training you did, not just show that you delivered it. "The Commission told us to" is not reasoning. "This worker supports someone with a seizure disorder so we required seizure management training before they started" is.
- Be evidenced by completion records. Completion records need to be retrievable, legible, and linked to the worker and the date. A stack of paper certificates in a filing cabinet that takes forty minutes to find under audit pressure is not a good system.
The four core module areas and what they mean for your workforce training
Let's run through the core module areas and be honest about what each one expects from a training standpoint.
Rights and responsibilities
This is the area most providers feel comfortable with because it maps most obviously to the Worker Orientation Module and the Code of Conduct. Workers should understand the rights of the people they support, what those rights mean in practice, and how to support choice and control in daily decisions, not just in care planning.
Where providers fall short here is on depth. Knowing that someone has rights is different from knowing how to uphold them when those rights conflict with a risk, or when a family member is pressuring a different decision, or when you're short-staffed and the easier option is to override a preference. That judgement is what condition-specific and values-based training develops, and it's rarely covered at orientation depth.
Governance and operational management
This one is largely a provider-level obligation around systems, but training sits inside it. The Standards expect that your governance includes a mechanism for identifying workforce training needs, ensuring training is current, and acting when it isn't. If your training management is someone's shared spreadsheet that gets updated once a year, that is both a governance gap and a training gap.
Provision of supports
This is where most training decisions live. The Standard requires that supports are delivered by workers who have the knowledge and skills to do so safely and competently. That means your training program has to be specific enough to cover the actual supports your workers deliver, including supports delivered in unusual circumstances, after hours, or at short notice by a worker covering a new person for the first time.
The gaps that show up at audit most often here are around condition-specific understanding, communication approaches, and behaviour support, because these are the areas where generic training looks plausible but doesn't actually prepare a worker for what they'll encounter on the shift.
Support provision environment
This covers the safety of the environment in which supports are delivered, and for training purposes it usually brings in manual handling, infection prevention and control, medication safety where relevant, and emergency procedures. These are the areas where currency matters most, because the guidance and the person's needs both change.
Specialist modules: when higher standards apply
If your registration covers higher-risk supports, the specialist modules add a layer of specific requirements on top of the core. The two most training-intensive are:
High-intensity daily personal activities
For supports like complex bowel care, enteral feeding, tracheostomy management, urinary catheter management, and severe dysphagia, the Commission's high intensity support skills descriptors set out the specific skills and knowledge a worker needs for each task. The training requirements here are non-negotiable in structure: competency-based, delivered by an appropriately qualified health practitioner, completed before the worker provides the support, and refreshed when the person's needs change, after a gap of three months or more, and at least annually.
This is also the point where I'll say plainly what a lot of providers already suspect but don't always hear clearly: online learning cannot sign a worker off as competent to deliver high-intensity clinical tasks. eLearning is excellent for building knowledge, understanding why a procedure works, and developing the judgement to recognise when something has changed. It is not a substitute for the supervised, hands-on, health-practitioner-led competency assessment the Commission requires. If a training vendor is suggesting otherwise, that is a compliance risk, not a shortcut.
Specialist behaviour support
Providers delivering specialist behaviour support have obligations that extend beyond the training of their own workforce into the oversight of behaviour support plans and the authorisation of any restrictive practices. The training obligations here are significant, and they link back to the restrictive practices training requirements that sit across the sector. If your registration includes this area and your training program doesn't specifically address behaviour support documentation, restrictive practice authorisation, and incident reporting, that is a gap an auditor will find.
How auditors actually assess training at an NDIS audit
Understanding what auditors look for changes how you build your evidence. From the Commission's documentation and from what providers report after going through the process, auditors are looking at roughly four things when they examine your training records:
- Rationale. Can you explain why each element of your training program was chosen? Is there a documented process for identifying training needs based on who you support and what supports you deliver?
- Evidence of completion. Are the records legible, dated, worker-specific, and retrievable? Can you pull a specific worker's training history quickly, and does it show completion of the training relevant to the people they support?
- Currency. Is the training current? Have refresh cycles been applied? Where a person's plan or needs changed, did the training follow?
- Evidence of practice impact. At certification audits in particular, auditors may look beyond completion records to evidence that training changed how workers practise. Supervision notes, incident trends, and feedback from the people supported can all be relevant here.
The most common failure mode I've seen is providers who have genuinely decent training but can't produce the evidence clearly in the room. The auditor isn't taking your word for it. They need to see it, and the time to build the system that produces that evidence easily is before the audit date arrives, not the week before.
What good training evidence actually looks like
Strong evidence means you can answer these four questions in under five minutes, with documentation: (1) What training is required for each role and each person you support? (2) Who has completed it, and when? (3) What's the refresh cycle and why? (4) Where a gap exists, what's the plan and the timeline? If you can answer all four quickly and clearly, you're in good shape. If any of them requires a phone call, a search through a filing cabinet, or a "we'd need to check that," you have work to do.
The Reform Hub: what's changing and why you should be watching
The NDIS Commission has been running an active reform process on the Practice Standards, and 2026 has brought some meaningful changes. From July 2026, mandatory registration has expanded to cover a broader range of provider types, including platform providers and some previously unregistered providers delivering higher-risk supports. Those providers now come under the full scope of the Practice Standards for the first time, which means their training obligations have shifted significantly.
The Commission's Practice Standards reform hub is the place to track these changes as they finalise. If you haven't looked at it recently, that's worth doing now, especially if your registration is due for renewal in the next twelve months. The audit focus in 2026 has also shifted toward outcomes-based evidence rather than documentation compliance alone, which means the "we ran the course" answer is under more scrutiny than it was a few years ago.
Building a training program that holds up at audit
The good news is that building a training program with evidence that holds up at audit isn't as complicated as providers sometimes assume. It's less about the volume of training and more about the logic behind it. Here's the approach that works.
Start with the people you support, not a course catalogue
Map the needs and risks of the people in your service. What conditions are present? What supports are being delivered? What does a shift actually look like for the workers doing it? The answers to those questions should drive your training design, and you should be able to draw a clear line from each person's needs to the training assigned to the workers who support them.
If you haven't done that mapping recently, or if it exists as informal knowledge in your team's heads but isn't documented anywhere, that is the first thing to fix. The CORA Pathway Builder is a free tool that does this mapping automatically, no sign-up required, and it's a useful starting point if you want to see where the gaps are before you start building.
Assign training by role and by person, not just by service
A training program that assigns the same courses to every worker regardless of role or cohort is a compliance risk, not a safeguard. The worker who supports one person with autism in a community access program needs different training to the worker doing SIL for someone with complex medical needs. Build the assignment logic so that it reflects those differences, and document the reasoning.
Build a refresh cycle with a rationale
There's no single legislated interval for most training, but auditors expect a sensible approach. For condition-specific training, a good rule of thumb is that a refresh is triggered by any of three things: a change in the person's plan or needs, a significant incident or near-miss, or a reasonable time interval (twelve months for most compliance content is a defensible default). Write that policy down. The fact that you have a policy and follow it is itself evidence of a functioning governance system.
Make records retrievable in minutes, not hours
This sounds obvious, but it is the thing that lets providers down most often under the pressure of an audit. Whether you use a purpose-built platform or a well-maintained spreadsheet, your records need to be searchable by worker, by training item, and by date. You should be able to show a complete training history for any worker in the time it takes to click a filter. If your current system can't do that, fixing it is a higher priority than adding more courses.
Turning compliance into evidence of capability
There's a point I want to make that goes slightly beyond the compliance framing, and it's the point that matters most to me. Completing the required training proves you met the minimum. It doesn't prove your workforce is capable of delivering good support. Two workers can have identical training records and one of them reads a situation clearly while the other misses the signals entirely. That difference doesn't show up on a completion report.
The providers who do best at audit, and more importantly do best by the people they support, are the ones who treat the Practice Standards as a starting point for a conversation about workforce capability, not a checklist to satisfy and file. What do our workers actually understand about the people they support? Where are the real knowledge gaps? What changed this quarter that our training hasn't caught up with yet?
Those questions are harder to answer than "did everyone do the module," but they're the ones that actually matter. And the good news is that the evidence you'd produce to answer them, a clear capability picture of your workforce mapped to the people they support, is also exactly the evidence that holds up best at audit.
CORA's Workforce Capability Report is built around that question. It turns completion data into a capability picture you can put in front of a board or an auditor, flagging where the real gaps are and what to do about them. It's the thing I wished existed when I was the one trying to work out where my team actually stood.
See where your workforce stands against the Practice Standards
The CORA Workforce Capability Report maps your team's capability against the Standards relevant to your registration, flags risks before audit, and recommends actions with timing. See a sample report.
View sample Workforce Capability Report Browse the training libraryCommon questions
What do the NDIS Practice Standards require for training?
The Practice Standards don't prescribe a fixed list of courses. They set quality indicators and require each registered provider to determine the training that equips its workforce to meet those indicators for the specific people it supports. At audit, you show what training you chose, why you chose it, and evidence that workers completed it.
What are the NDIS Practice Standards core modules?
The core modules apply to all registered providers and cover four areas: rights and responsibilities, governance and operational management, the provision of supports, and support provision environment. Specialist modules apply on top for providers delivering higher-risk supports such as high-intensity daily personal activities, specialist behaviour support, and early childhood supports.
What happens at an NDIS audit and how is training assessed?
NDIS audits are conducted by Commission-approved quality auditors. For training, auditors look for a rationale connecting each worker's training to the supports they deliver, completion records with dates and evidence, a refresh cycle with documented reasoning, and at certification audits, some evidence that training changed practice, not just that it was completed.
How do I know which NDIS Practice Standards apply to my registration?
Your registration groups determine which modules apply. All registered providers must meet the core module standards. Providers registered for higher-risk support categories must also meet the relevant specialist module standards. Check your registration schedule or contact the NDIS Quality and Safeguards Commission directly if you are unsure which modules apply to your service.
Sources and further reading
- NDIS Practice Standards, NDIS Quality and Safeguards Commission
- NDIS Practice Standards reform hub, NDIS Quality and Safeguards Commission
- Types of NDIS audits, NDIS Quality and Safeguards Commission
- High intensity daily personal activities, supplementary module and skills descriptors, NDIS Quality and Safeguards Commission
- NDIS Code of Conduct, NDIS Quality and Safeguards Commission
This guide is general information for NDIS providers, not legal or compliance advice. Always check the current requirements directly with the NDIS Quality and Safeguards Commission, because the detail does change.
← Back to all guides