Compliance Framework

Compliance Is Built Into the Framework

Operating under a registered NDIS provider framework requires more than access to registration.

Providers must be able to demonstrate that supports are delivered safely, appropriately, and within agreed scope. This requires clear systems, accurate records, worker evidence, participant safeguards, reporting pathways, and ongoing oversight.

CCG's compliance framework is designed to support suitable providers to operate within a structured, monitored, and auditable registered provider environment.

This is what separates CCG from a standard invoice processing brokerage.

Not just brokerage or invoice processing

CCG's Model Is Built Around Compliance Led Service Delivery

CCG does not simply process invoices or allow providers to operate without oversight.

That means before a provider can operate under our framework, we consider whether the provider has the systems, evidence, safeguards, and operational readiness required to deliver NDIS supports safely.

Invoicing may form part of administration, but it is not the service.

The service is:

The registered provider framework
Compliance structure
Onboarding process
Scope control
Participant safeguarding
Reporting pathways
Ongoing oversight

These are what support safe and accountable NDIS service delivery.

Why a compliance framework matters

A Registered Provider Framework Carries Responsibility

When a provider operates under CCG's framework, there must be a clear understanding of what is required.

Without these controls, providers may create risk for participants, workers, their own business, and the registered provider framework.

CCG's compliance framework is designed to reduce that risk by setting clear expectations from the beginning.

Providers must have a clear understanding of:

What supports can be delivered
Which registration groups apply
What evidence must be maintained
What worker requirements apply
What participant safeguards are required
How incidents and complaints are reported
How risks are identified and managed
What documentation must be kept
What oversight and monitoring applies
Core areas of the compliance framework

Ten Core Areas Every Provider Must Meet

Each area sets out what providers must have in place before and during service delivery under CCG's registered provider framework.

01

Provider Suitability

Not every provider is suitable to operate under CCG's registered provider framework. Before a provider can proceed, CCG considers the provider's service model, proposed supports, registration group needs, worker evidence, participant safeguards, incident and complaints processes, risk profile, and operational readiness.

Suitability is assessed before a provider can proceed. CCG considers whether the service model, proposed supports, systems, and evidence are appropriate for the framework — not every provider will be suitable, and that assessment happens at the start.

02

Service Scope Control

Providers may only deliver supports under CCG's registration for participants who are linked between CCG and the provider through the framework. Before commencement, CCG reviews the supports the provider wants to deliver and considers whether they align with the available registration groups, participant needs, and compliance requirements. This scope control applies to those participants and supports — not to the provider's broader business.

Providers must not deliver supports under CCG's registration outside the agreed scope for linked participants. If a provider wants to change or expand the supports delivered under the registration, that change must be reviewed before the provider proceeds.

03

Registration Group Alignment

The proposed supports must align with the relevant registration groups available under the framework. Different supports carry different obligations, risks, evidence requirements, and practice expectations.

Registration group alignment is reviewed before commencement. If the proposed supports do not align with available registration groups, or if the provider does not have the evidence required for those groups, the provider may not be able to proceed.

04

Worker Evidence

Providers must maintain appropriate worker evidence to demonstrate that workers are suitable, prepared, and supported to deliver the relevant supports.

This may include:

NDIS Worker Screening Checks
Worker identity and role information
Induction records
Training records
Competency evidence
Qualifications, where relevant
Role-specific evidence for higher-risk supports
Supervision or refresher training records, where required
05

Participant Safeguards

Participant safety is central to the framework. For participants linked between CCG and the provider through the registration, providers must maintain appropriate safeguards and be able to show that services are delivered in a way that considers participant needs, preferences, risks, and safety.

This may include:

Service agreements
Participant consent records, where relevant
Participant support information
Risk information
Support plans or care-related documentation
Communication needs
Emergency contacts
Incident escalation information
Safeguarding considerations
Records of supports delivered
06

Incident and Complaints Pathways

Providers must have clear processes for identifying, recording, escalating, and responding to incidents and complaints that occur in connection with participants linked through CCG's registration. CCG's framework requires transparency — incidents, complaints, and risks involving those participants must not be hidden, delayed, or ignored.

Incidents, complaints, and risks involving participants linked through CCG's registration must not be hidden, delayed, or ignored. Providers must understand when something must be reported, who it must be reported to, what records must be kept, and what actions are required.

07

Risk Management

Providers must be able to identify and manage risks connected to supports delivered under CCG's registration. This applies to participants linked through the framework — risk management is not a one-off task, and providers must review and respond to risks as circumstances change for those participants.

This may include:

Participant health and safety
Worker conduct
The support environment
Medication or mealtime support
Behaviour support
Restrictive practices
Manual handling
Community access
Transport
SIL or shared living arrangements
High-intensity supports
Changes in participant needs
08

Documentation and Record Keeping

Providers must maintain records relating to participants linked through CCG's registration — showing what support was delivered, who delivered it, when it occurred, what risks were identified, what actions were taken, and how participant safeguards were maintained. These records relate to the use of CCG's registration, not the provider's broader business. If it is not documented, it may be difficult to evidence.

Documentation supports participant safety, provider accountability, audit readiness, and ongoing oversight. These records relate to participants linked through CCG's registration — not the provider's broader business. If it is not documented, it may be difficult to evidence.

09

Service Specific Compliance Requirements

Some supports require additional evidence, controls, or oversight. Where higher-risk supports are involved, CCG may require additional documentation, worker evidence, participant specific information, and service specific safeguards before a provider can proceed.

This may include:

Supported Independent Living
High-intensity daily personal activities
Medication support
Mealtime support
Behaviour support
Restrictive practices
Complex personal care
Supports involving elevated participant risk
10

Ongoing Oversight and Monitoring

Operating under the framework is not a one-time approval. For participants linked through CCG's registration, providers must continue to maintain evidence, follow procedures, report incidents and complaints, operate within agreed scope, and participate in monitoring.

This may include:

Evidence review
Worker record checks
Participant documentation checks
Incident and complaints review
Risk review
Service scope review
Follow-up on identified gaps
Review of higher-risk supports
Compliance communication and reporting
Compliance is a shared responsibility

CCG and Providers Each Have a Role

CCG provides:

The registered provider framework
Onboarding requirements
Reporting pathways
Compliance expectations
Oversight structure

Providers remain responsible for:

Delivering supports safely for linked participants
Maintaining evidence for those participants and supports
Following the agreed framework for the registration
Reporting issues involving linked participants
Operating within approved scope under the registration

The framework works only when providers are transparent, organised, responsive, and willing to meet their obligations.

What providers must be prepared for

This Is an Active Compliance Framework

Providers operating under CCG's framework must be prepared to meet their obligations throughout the arrangement — not just at the point of onboarding.

This is not a passive arrangement. It is an active compliance framework.

Providers must be prepared to:

Provide requested evidence
Operate only within agreed scope for participants linked through CCG's registration
Follow policies and procedures
Maintain worker records
Maintain participant records for participants linked through the registration
Report incidents and complaints involving those participants
Identify and manage risks connected to those participants and supports
Respond to compliance requests
Participate in monitoring
Address gaps when identified
Stop or change service delivery if required for safety or compliance reasons

Common gaps may include:

Unclear service scope
Missing worker screening evidence
Incomplete training records
Missing participant documentation
Weak incident or complaints processes
No clear risk management evidence
Unclear registration group alignment
Insufficient evidence for higher-risk supports
Lack of policies or procedures
Unwillingness to participate in monitoring

Some gaps can be corrected. Other gaps may mean the provider is not suitable for the framework.

Compliance gaps may delay approval

Gaps Must Be Addressed Before a Provider Can Proceed

If compliance gaps are identified, CCG may require those gaps to be addressed before a provider can proceed.

CCG would rather identify these issues early than allow a provider to operate in a way that creates risk for participants, workers, or the registered provider framework.

Why this protects everyone

The Compliance Framework Protects Everyone Involved

Protects Providers

A clear compliance framework protects providers by making expectations clear before services commence. Providers know what evidence is required, what supports are within scope, what must be reported, what records must be maintained, and what oversight applies.

This reduces uncertainty and helps providers operate in a more structured and auditable way.

Protects Participants

The framework protects participants by ensuring providers are assessed before operating, workers have appropriate evidence, risks are considered, incidents and complaints are reported, and participant safeguards are maintained.

The aim is to support safe service delivery, not simply administrative access.

Protects the Framework

The framework protects the integrity of the registered provider structure by ensuring providers are not operating informally, outside scope, or without evidence.

Every provider must be suitable, onboarded, monitored, and prepared to meet the requirements of the framework. This is why CCG does not operate as a simple invoice processing brokerage.

Check whether your service is ready

Check Whether Your Service Is Ready

If you are considering operating under CCG's registered provider framework, the first step is to understand whether your service has the scope, evidence, systems, safeguards, and operational readiness required to proceed.

Download the Provider Operating Readiness Checklist or book a provider suitability discussion.