Quick answer: Verification and certification are different audit pathways. Verification is usually the lighter desktop route for lower-risk services, while certification is broader and more demanding for higher-risk service types.
Last reviewed: March 2026 by the BlueSafe Technical Team.
NDIS regulations change frequently. Always verify current requirements with the NDIS Commission before making compliance decisions.
This is one of the most practical pre-purchase pages in the cluster because providers usually land here when they are about to register and want to understand what kind of audit burden they are facing.
At a glance
| Item | Verification | Certification |
|---|---|---|
| Typical service profile | Lower-risk | Higher-risk |
| Main format | Desktop-focused document review | Broader review with deeper testing |
| Interviews and site activity | Limited or none | More likely |
| Preparation burden | Significant | Higher |
| Cost profile | Lower | Higher |
| Operational risk if underprepared | Real | Very high |
Overview of the two audit types
The point of both audits is the same: to assess whether the provider can show evidence that it meets the relevant standards.
The difference is in scope and depth.
Verification audit
Verification is generally the lighter pathway.
It usually focuses on:
- policies and procedures
- supporting records
- whether the documentation aligns with the relevant registration scope
Even though it is the lighter pathway, providers still need audit-ready documentation. Weak or generic documents still cause problems.
Certification audit
Certification is the broader pathway for higher-risk services.
The approved notes for this page say it can involve:
- document review
- interviews with staff and participants
- site review
- closer testing of leadership, risk, incidents, complaints, workforce, and service delivery
This is why certification needs stronger preparation and better evidence discipline.
Which audit type applies to your services?
| Service type | Typical audit type |
|---|---|
| Lower-risk registration pathways | Verification |
| SIL and other higher-risk supports | Certification |
| Specialist behaviour support | Certification |
| SDA and regulated restrictive-practice settings | Certification |
Providers should always verify current registration-group rules, but the practical distinction is lower-risk versus higher-risk service models.
How to prepare for either audit
- Identify the correct registration scope.
- Read the relevant Practice Standards and Quality Indicators.
- Conduct a gap analysis.
- Build or update the policy suite.
- Confirm worker screening and training evidence.
- Check incident and complaints systems.
- Organise documents for easy retrieval.
- For certification, prepare staff and operational evidence as well as documents.
The most common failure is assuming the audit begins when the assessor calls. In reality, it begins when you start building the evidence set.
Common non-conformities
Auditors regularly find:
- policies that do not fit the business
- incomplete workforce records
- weak incident or complaint systems
- stale documents with no review history
- poor alignment between the written system and what staff actually do
These issues can affect either audit type, but the consequences are usually sharper in certification.
After the audit
If the audit identifies non-conformities, the provider usually needs to:
- understand the issue precisely
- fix the gap
- provide evidence of correction
- maintain the corrected system going forward
Treating audit findings as a one-off paperwork problem usually leads to repeat failures later.
State and territory variations
The audit framework itself is national. Jurisdiction differences are more likely to appear in supporting obligations such as screening administration or restrictive-practice interfaces, not in the basic verification-versus-certification distinction.
Related guides
- NDIS Practice Standards - Complete Guide for Registered Providers
- How to Prepare for an NDIS Audit - Checklist and What Auditors Look For
- How to Become a Registered NDIS Provider - Step-by-Step Guide (2026)
Frequently asked questions
What is the difference between a verification and certification audit?
Verification is narrower and more document-focused. Certification is broader and tests implementation more deeply.
Which services usually require certification?
Higher-risk service types such as SIL, specialist behaviour support, and some other regulated areas.
How long does an NDIS audit take?
Verification is usually shorter, while certification usually takes longer and requires more preparation.
What happens if non-conformities are found?
The provider usually needs to address them and provide evidence of correction.