V3.8 · 2024/2025

Chapter 22: Glossary & Appendices

Complete glossary of NDIS and platform terminology, NDIS support category reference, role permission matrix, database entity relationship diagram, keyboard shortcuts, status codes, file format specifications, third-party licenses, change log, and alphabetical index.

22.1 Glossary

This glossary defines key terms, abbreviations, and acronyms used throughout the NDSS CRM platform and this manual.

A

AES (Advanced Encryption Standard)

A symmetric encryption algorithm used to protect data at rest and in transit. NDSS CRM uses AES-256-GCM for database encryption and column-level encryption of sensitive fields.

API (Application Programming Interface)

A set of protocols and tools that allows external systems to interact with NDSS CRM programmatically. The platform provides a RESTful API documented in Chapter 19.

APP (Australian Privacy Principles)

The 13 privacy principles contained in Schedule 1 of the Privacy Act 1988 (Cth) that govern how personal information is collected, used, disclosed, and stored by Australian organisations.

Audit Log

An immutable, append-only record of all significant actions performed within NDSS CRM. Captures authentication events, data changes, access events, and system configuration changes.

Availability (Staff)

The days and time ranges during which a staff member is available to be rostered for shifts. Configured per staff member and used by the rostering system to prevent scheduling conflicts.

B

Bcrypt

A password hashing algorithm used by NDSS CRM (with cost factor 12) to securely store user passwords. Bcrypt is deliberately slow to compute, making brute-force attacks impractical.

BSP (Behaviour Support Plan)

A document developed by a qualified behaviour support practitioner that outlines strategies for supporting an NDIS participant who exhibits behaviours of concern. May include authorised restrictive practices. Managed in the Clinical Services module.

Budget (NDIS Plan Budget)

The total funding allocation within an NDIS participant's plan, divided into support categories. NDSS CRM tracks budget usage in real-time and alerts when allocations are approaching limits.

Bulk Import

The process of uploading multiple records simultaneously via CSV, XLSX, or JSON files. Handled by the PHP integration service with validation, duplicate detection, and error reporting.

C

Capacity Building

NDIS funding category that supports participants to build their independence and skills. Includes improved living arrangements, increased social and community participation, and finding and keeping a job.

Capital Supports

NDIS funding category for higher-cost items such as assistive technology, equipment, home modifications, and specialist disability accommodation (SDA).

CDC (Change Data Capture)

A database pattern used by Supabase / Oracle Real-Time to detect and broadcast row-level changes (INSERT, UPDATE, DELETE) to subscribed clients in real-time.

Client Portal

A self-service web interface for NDIS participants and their families/carers to view service schedules, budget usage, progress notes, documents, and communicate with service coordinators.

Clock-In / Clock-Out

The process by which support workers record the start and end times of their shifts, typically via the mobile interface. May capture GPS coordinates for location verification.

Compliance Officer

A user role in NDSS CRM responsible for managing incident investigations, monitoring NDIS Practice Standards compliance, and ensuring regulatory obligations are met.

Core Supports

NDIS funding category for day-to-day support activities including assistance with daily life, transport, consumables, and assistance with social and community participation.

CORS (Cross-Origin Resource Sharing)

A security mechanism that controls which external domains can make requests to the NDSS CRM API. Configured to allow only authorised integration partners.

CRUD

Create, Read, Update, Delete - the four basic operations of persistent storage. NDSS CRM API endpoints follow CRUD conventions for all major entities.

CSRF (Cross-Site Request Forgery)

A web security vulnerability where an attacker tricks a user's browser into making unintended requests. NDSS CRM prevents CSRF attacks using synchronizer tokens on all state-changing forms.

CSV (Comma-Separated Values)

A plain text file format used for data import and export. NDSS CRM provides CSV templates for bulk data operations and CSV export for reports.

D

Dashboard

The main landing page after login, displaying role-specific KPI widgets, quick actions, pending tasks, and recent activity. Each of the 24 roles sees a customised dashboard layout.

DDoS (Distributed Denial of Service)

A cyberattack that overwhelms a service with traffic from multiple sources. NDSS CRM is protected by Vercel's edge network and automatic DDoS mitigation.

E

Eloquent ORM

The object-relational mapping system used by Laravel (PHP) in the NDSS CRM integration layer. Provides secure, parameterised database queries and prevents SQL injection.

F

Flask

A lightweight Python web framework used by the NDSS CRM Python microservice for report generation, analytics, and data processing endpoints.

G

Goal (Client Goal)

A specific, measurable objective defined in a participant's care plan within NDSS CRM. Goals are tracked over time with progress notes and outcome measurements.

GPS (Global Positioning System)

Used optionally during shift clock-in/clock-out to verify a support worker's location relative to the expected service delivery address.

H

HSTS (HTTP Strict Transport Security)

A security header that instructs browsers to only connect to NDSS CRM over HTTPS, preventing protocol downgrade attacks and cookie hijacking.

I

Incident

Any event that results in, or has the potential to result in, harm to an NDIS participant. NDSS CRM categorises incidents by type and severity, with mandatory reporting to the NDIS Commission for serious incidents.

Intake

The process of receiving and processing a new referral for an NDIS participant. The Intake module in NDSS CRM manages the pipeline from initial referral through to active service delivery.

J

JWT (JSON Web Token)

A compact, URL-safe token format used for NDSS CRM API authentication. Access tokens are JWTs containing the user ID, role, and expiry timestamp, signed with HS256.

K

KPI (Key Performance Indicator)

Quantifiable metrics displayed on the NDSS CRM dashboard including active client count, shift completion rate, budget utilisation percentage, and compliance score.

L

Laravel

A PHP web framework used by the NDSS CRM integration layer for legacy system connectors, bulk import/export, and data synchronisation.

Line Item (NDIS)

A specific support type within the NDIS Support Catalogue, identified by a unique code (e.g., 01_011_0107_1_1). Line items define the type, rate, and billing rules for each support delivered.

M

Master Admin

The highest-privilege user role in NDSS CRM. Has unrestricted access to all modules, data, and system configuration. Limited to 2-3 trusted individuals per organisation.

Middleware

Software that runs between the client request and the route handler. In NDSS CRM (Next.js), middleware handles authentication verification, role-based route protection, and rate limiting.

N

NDB (Notifiable Data Breaches)

The mandatory data breach notification scheme under Part IIIC of the Australian Privacy Act 1988. Requires organisations to notify the OAIC and affected individuals of eligible data breaches.

NDIA (National Disability Insurance Agency)

The Australian Government agency responsible for implementing and managing the NDIS. NDIA manages participant plans, funding decisions, and the NDIS Support Catalogue.

NDIS (National Disability Insurance Scheme)

Australia's national scheme for funding individualised disability supports. Operated by the NDIA, the NDIS provides funding to eligible Australians with permanent and significant disability.

NDIS Commission (NDIS Quality and Safeguards Commission)

The independent Australian Government body responsible for regulating NDIS providers, handling complaints, and overseeing the quality and safety of NDIS supports and services.

NDIS Number

A unique 9-digit identifier assigned to each NDIS participant by the NDIA. Used as the primary identifier for participants in NDSS CRM and for all NDIS claim submissions.

NDIS Plan

A document that outlines the funded supports available to an NDIS participant, including budget allocations by support category, plan dates, and plan management type. Typically reviewed annually.

NDIS Practice Standards

The quality standards that registered NDIS providers must meet. Covers rights and responsibilities, provision of supports, governance and operational management, and module-specific standards.

NDIS Price Guide (Support Catalogue)

The schedule of maximum prices that can be charged for NDIS supports. Published by the NDIA and updated periodically. NDSS CRM imports and enforces these rates for invoicing.

NDSS CRM

Newdawn Support Services Customer Relationship Management platform. The integrated web-based management system documented in this manual, designed for NDIS disability care providers.

Next.js

A React-based web application framework used as the primary frontend and API layer of NDSS CRM. Provides server-side rendering, API routes, and static generation capabilities.

O

OAIC (Office of the Australian Information Commissioner)

The independent Australian Government agency that oversees privacy and freedom of information. Receives notifiable data breach reports under the NDB scheme.

OT (Occupational Therapy)

A health profession focused on enabling people to participate in daily life activities. OT assessments and therapy plans are managed in the Clinical Services module of NDSS CRM.

OWASP (Open Web Application Security Project)

A non-profit foundation that produces the OWASP Top 10, a standard awareness document for web application security risks. NDSS CRM's security controls address all OWASP Top 10 categories.

P

Participant

An individual receiving supports under the NDIS. In NDSS CRM, participants are referred to as "clients" in the user interface and data models.

PgBouncer

A lightweight connection pooler for PostgreSQL used by Supabase / Oracle. Manages database connections efficiently to prevent connection exhaustion under high load.

PHP

A server-side programming language used in the NDSS CRM integration layer (via Laravel framework) for legacy system connectors, bulk data operations, and data synchronisation.

PII (Personally Identifiable Information)

Any data that can identify a specific individual. In NDSS CRM, PII includes names, addresses, NDIS numbers, dates of birth, medical information, and contact details.

PITR (Point-in-Time Recovery)

A database backup strategy that allows restoration to any specific moment within the retention window (7 days for NDSS CRM). Achieved through continuous Write-Ahead Log (WAL) archiving.

Plan Managed

An NDIS plan management type where a registered plan manager handles the financial administration of the participant's plan, including paying invoices from providers.

PostgreSQL

An open-source relational database management system used as the primary data store for NDSS CRM, hosted on Supabase / Oracle. Stores all client, staff, shift, financial, and compliance data.

Progress Note

A record created by a support worker at the end of each shift, documenting the activities performed, client's wellbeing, goals addressed, and any observations or concerns.

Python

A programming language used in the NDSS CRM service layer (via Flask framework) for report generation, analytics computations, scheduled batch processing, and data pipeline operations.

R

RBAC (Role-Based Access Control)

The authorisation model used by NDSS CRM that assigns permissions to user roles rather than individual users. The platform implements 24 distinct roles with granular module-level and action-level permissions.

React

A JavaScript library for building user interfaces, used as the frontend UI framework of NDSS CRM. React's component model and virtual DOM provide efficient, declarative UI rendering.

Referral

A request for a new NDIS participant to receive services from the organisation. Referrals are processed through the Intake module with configurable workflow stages.

Restrictive Practice

Any practice or intervention that restricts the rights or freedom of movement of an NDIS participant. Subject to strict authorisation, documentation, and reporting requirements under the NDIS Commission.

RLS (Row Level Security)

A PostgreSQL feature used by Supabase / Oracle that enforces access control at the database row level. Ensures users can only read or modify rows their role permits, regardless of application-level checks.

RPO (Recovery Point Objective)

The maximum acceptable amount of data loss measured in time. NDSS CRM targets an RPO of 1 hour, achieved through continuous WAL archiving.

RTO (Recovery Time Objective)

The maximum acceptable time to restore full platform functionality after a disaster. NDSS CRM targets an RTO of 4 hours.

S

SDA (Specialist Disability Accommodation)

Housing designed for NDIS participants with extreme functional impairment or very high support needs. SDA funding is a category within the NDIS Capital Supports budget.

Self-Managed

An NDIS plan management type where the participant manages their own NDIS funding, pays providers directly, and claims reimbursement from the NDIA.

Service Agreement

A formal agreement between an NDIS provider and a participant outlining the supports to be delivered, the schedule, the rates, and the terms of service. Managed in the Client Management module.

Service Coordinator

A user role in NDSS CRM responsible for coordinating services for assigned clients, managing care plans, reviewing progress notes, and liaising with participants and their families.

Shift

A scheduled period of service delivery where a support worker provides supports to a client. The fundamental operational unit in NDSS CRM that links staff, clients, time, location, and NDIS line items.

SIL (Supported Independent Living)

NDIS-funded support for participants living in shared or individual accommodation who need assistance with daily tasks. SIL involves shared support rosters, group home management, and specialised billing calculations.

SLA (Service Level Agreement)

A formal commitment defining the expected performance of the NDSS CRM platform, including uptime targets, response times, and support resolution timeframes.

Supabase / Oracle

An open-source Backend-as-a-Service platform used by NDSS CRM for PostgreSQL database hosting, authentication (Supabase / Oracle Auth), real-time subscriptions, and file storage. Hosted in the ap-southeast-2 (Sydney) region.

Support Worker

A frontline staff member who delivers direct support services to NDIS participants. In NDSS CRM, support workers access shift details, clock in/out, submit progress notes, and report incidents.

T

TailwindCSS

A utility-first CSS framework used for styling the NDSS CRM user interface. Provides a consistent design system across all platform modules.

TLS (Transport Layer Security)

A cryptographic protocol that provides secure communication over a network. NDSS CRM enforces TLS 1.3 for all connections between browsers, API clients, and internal services.

Timesheet

A record of actual hours worked by a staff member, generated from clock-in/clock-out data. Timesheets are reviewed and approved before being used for invoicing and payroll.

TypeScript

A typed superset of JavaScript used as the primary programming language for the NDSS CRM frontend and API layer. TypeScript's static type system helps prevent runtime errors and improves code maintainability.

V

Vercel

A cloud platform for deploying web applications. Hosts the NDSS CRM Next.js application, providing global edge distribution, automatic HTTPS, and serverless function execution.

VPC (Virtual Private Cloud)

An isolated network environment within a cloud provider. The NDSS CRM database is deployed within a VPC, ensuring it is not directly accessible from the public internet.

W

WAF (Web Application Firewall)

A security layer that filters and monitors HTTP traffic to and from the NDSS CRM application. Blocks common attack patterns including SQL injection, XSS, and request smuggling.

WAL (Write-Ahead Log)

A PostgreSQL mechanism that records all data changes before they are written to the main database files. Used by NDSS CRM for Point-in-Time Recovery (PITR) capability.

Webhook

An HTTP callback that sends a POST request to a configured URL when a specific event occurs in NDSS CRM (e.g., shift completed, invoice submitted, incident reported). See Section 19.11.

Worker Screening (NDIS Worker Screening)

A mandatory check administered by state and territory governments to assess whether a person poses a risk to people with disability. Required for all workers in risk-assessed roles. NDSS CRM tracks screening status and expiry dates.

X

XSS (Cross-Site Scripting)

A web security vulnerability that allows attackers to inject malicious scripts into web pages. NDSS CRM prevents XSS through React's automatic output escaping, Content Security Policy headers, and server-side input sanitisation.

Z

Zod

A TypeScript-first schema validation library used by NDSS CRM to validate all API request bodies at runtime. Ensures data integrity by rejecting malformed or invalid requests before they reach the database.

22.2 Appendix A: NDIS Support Categories

The following table lists all NDIS support categories used within NDSS CRM for service delivery tracking, invoicing, and budget management. These categories align with the NDIS Support Catalogue.

Core Supports

| Code | Category Name | Description |
| --- | --- | --- |
| 01 | Assistance with Daily Life | Support with daily personal activities including personal care, household tasks, meal preparation, and community access. |
| 02 | Transport | Funding for transport to enable participation in community, social, and economic activities. |
| 03 | Consumables | Everyday items required due to disability, including continence aids, nutrition supplements, and low-cost assistive technology. |
| 04 | Assistance with Social, Economic and Community Participation | Support to engage in community, social, and recreational activities, and to develop skills for community participation. |

Capacity Building Supports

| Code | Category Name | Description |
| --- | --- | --- |
| 05 | Assist - Life Stage, Transition | Support for major life transitions including leaving school, entering employment, or moving to new accommodation. |
| 06 | Assist - Accommodation / Tenancy | Support for finding and maintaining appropriate housing and tenancy obligations. |
| 07 | Finding and Keeping a Job | Employment-related supports including job preparation, workplace assistance, and supported employment. |
| 08 | Increased Social and Community Participation | Skill building for community engagement, social interaction, and independence in community settings. |
| 09 | Improved Relationships | Behaviour support and therapeutic interventions to assist with managing relationships and social interaction. |
| 10 | Improved Health and Wellbeing | Exercise and fitness activities specifically related to maintaining function due to disability. |
| 11 | Improved Learning | Support for participation in educational activities and skill development for learning. |
| 12 | Improved Living Arrangements | Support for finding and maintaining appropriate living arrangements, including SIL assessments. |
| 13 | Improved Daily Living Skills | Therapeutic supports including occupational therapy, speech pathology, physiotherapy, psychology, and nursing. |
| 14 | Support Coordination | Support coordination services to assist participants in understanding and implementing their NDIS plan. |

Capital Supports

| Code | Category Name | Description |
| --- | --- | --- |
| 15 | Assistive Technology | Devices, equipment, and technology to assist with daily living, communication, mobility, and participation. |
| 16 | Home Modifications | Modifications to the participant's home to improve accessibility and enable independent living. |
| 17 | Specialist Disability Accommodation (SDA) | Funding for specialist housing for participants with extreme functional impairment or very high support needs. |
| 18 | Vehicle Modifications | Modifications to vehicles to enable transport for participants with mobility limitations. |

22.3 Appendix B: Role Permission Matrix

The following matrix shows the access level for each of the 24 NDSS CRM user roles across all platform modules. Access levels: F = Full (read + write + delete), W = Write (read + write), R = Read only, L = Limited (own records/assigned only), - = No access.

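| Role | Dashboard | Clients | Staff | Rostering | Finance | Compliance | Intake | Clinical | Learning | Portal | Messaging | Reports | Admin | SIL | API |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| master_admin | F | F | F | F | F | F | F | F | F | F | F | F | F | F | F |
| administrator | F | F | F | F | F | F | F | F | F | F | F | F | W | F | F |
| finance | R | R | R | R | F | R | - | - | - | - | W | W | - | R | R |
| intake | R | W | R | - | - | - | F | - | - | - | W | L | - | - | - |
| allocation_rostering | R | R | R | F | - | - | - | - | - | - | W | L | - | W | - |
| service_coordinator | R | W | R | W | R | W | R | R | R | - | W | L | - | L | - |
| support_worker | L | L | - | L | - | L | - | - | L | - | L | - | - | L | - |
| team_leader | R | L | L | W | - | W | - | - | L | - | W | L | - | W | - |
| hr_manager | R | - | F | R | R | R | - | - | F | - | W | W | - | - | - |
| compliance_officer | R | R | R | R | R | F | R | R | R | - | W | W | - | R | - |
| behaviour_support | L | L | - | L | - | L | - | F | L | - | L | L | - | L | - |
| occupational_therapist | L | L | - | L | - | L | - | W | L | - | L | L | - | - | - |
| speech_pathologist | L | L | - | L | - | L | - | W | L | - | L | L | - | - | - |
| psychologist | L | L | - | L | - | L | - | W | L | - | L | L | - | - | - |
| nurse | L | L | - | L | - | W | - | W | L | - | L | L | - | L | - |
| physiotherapist | L | L | - | L | - | L | - | W | L | - | L | L | - | - | - |
| exercise_physiologist | L | L | - | L | - | L | - | W | L | - | L | L | - | - | - |
| dietitian | L | L | - | L | - | L | - | W | L | - | L | L | - | - | - |
| sil_coordinator | R | L | R | W | R | W | - | R | L | - | W | L | - | F | - |
| house_manager | L | L | L | W | - | W | - | - | L | - | W | L | - | W | - |
| training_coordinator | R | - | R | - | - | R | - | - | F | - | W | L | - | - | - |
| quality_assurance | R | R | R | R | R | W | R | R | R | - | W | F | - | R | - |
| client_portal | - | L | - | L | L | - | - | - | - | F | L | - | - | - | - |
| family_carer | - | L | - | L | L | - | - | - | - | L | L | - | - | - | - |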

22.4 Appendix C: Database Entity Relationship Diagram

The following wireframe diagram illustrates the core database entities in NDSS CRM and their relationships. Primary keys are marked with [PK] and foreign keys with [FK].

NDSS CRM - Core Entity Relationship Diagram

users
  id [PK]               UUID
  email                 VARCHAR
  password_hash         VARCHAR
  role                  ENUM
  status                ENUM
  created_at            TIMESTZ
  last_login            TIMESTZ

clients
  id [PK]               UUID
  ndis_number           VARCHAR
  first_name            VARCHAR
  last_name             VARCHAR
  date_of_birth         DATE
  primary_disability    TEXT
  status                ENUM
  region                VARCHAR
  coordinator_id [FK]
  risk_level            ENUM
  created_at            TIMESTZ

ndis_plans
  id [PK]               UUID
  client_id [FK]        UUID
  plan_number           VARCHAR
  start_date            DATE
  end_date              DATE
  management_type       ENUM
  total_budget          DECIMAL
  created_at            TIMESTZ

staff
  id [PK]               UUID
  user_id [FK]          UUID
  first_name            VARCHAR
  last_name             VARCHAR
  department            VARCHAR
  employment_type       ENUM
  start_date            DATE
  status                ENUM
  created_at            TIMESTZ

shifts
  id [PK]               UUID
  client_id [FK]        UUID
  staff_id [FK]         UUID
  date                  DATE
  start_time            TIME
  end_time              TIME
  status                ENUM
  service_type          VARCHAR
  ndis_line_item        VARCHAR
  location              VARCHAR
  created_at            TIMESTZ

plan_categories
  id [PK]               UUID
  plan_id [FK]          UUID
  category_code         VARCHAR
  category_name         VARCHAR
  budget                DECIMAL
  used                  DECIMAL

progress_notes
  id [PK]               UUID
  shift_id [FK]         UUID
  staff_id [FK]         UUID
  client_id [FK]        UUID
  content               TEXT
  goals_addressed       JSON
  created_at            TIMESTZ

invoices
  id [PK]               UUID
  invoice_number        VARCHAR
  client_id [FK]        UUID
  invoice_date          DATE
  due_date              DATE
  total_amount          DECIMAL
  gst                   DECIMAL
  status                ENUM
  created_at            TIMESTZ

invoice_line_items
  id [PK]               UUID
  invoice_id [FK]       UUID
  description           TEXT
  ndis_line_item        VARCHAR
  quantity              DECIMAL
  unit                  VARCHAR
  rate                  DECIMAL
  amount                DECIMAL

incidents
  id [PK]               UUID
  client_id [FK]        UUID
  reported_by [FK]      UUID
  category              ENUM
  severity              ENUM
  status                ENUM
  date_time             TIMESTZ
  location              TEXT
  description           TEXT
  created_at            TIMESTZ

audit_logs
  id [PK]               UUID
  user_id [FK]          UUID
  action                VARCHAR
  resource_type         VARCHAR
  resource_id           UUID
  changes               JSONB
  ip_address            INET
  created_at            TIMESTZ

messages
  id [PK]               UUID
  sender_id [FK]        UUID
  recipient_id          UUID
  channel_id            UUID
  content               TEXT
  read                  BOOLEAN
  created_at            TIMESTZ

Relationships labelled in the diagram: users 1:1 staff; ndis_plans 1:N plan_categories; clients 1:N shifts; shifts 1:N progress_notes; staff 1:N (connector drawn alongside shifts and progress_notes, which both carry staff_id [FK]).

22.5 Appendix D: Keyboard Shortcuts

NDSS CRM supports keyboard shortcuts for power users. Shortcuts are available on desktop browsers only. Press ? from any page to display the shortcut overlay.

Global Shortcuts

| Shortcut | Action | Available On |
| --- | --- | --- |
| ? | Show/hide keyboard shortcut overlay | All pages |
| Ctrl + K / Cmd + K | Open global search | All pages |
| G then D | Navigate to Dashboard | All pages |
| G then C | Navigate to Clients | All pages |
| G then S | Navigate to Staff | All pages |
| G then R | Navigate to Rostering | All pages |
| G then F | Navigate to Finance | All pages |
| G then M | Navigate to Messaging | All pages |
| G then I | Navigate to Incidents | All pages |
| Esc | Close modal / dialog / sidebar | All pages |
| N | Open notifications panel | All pages |

List / Table Shortcuts

| Shortcut | Action |
| --- | --- |
| J / Down Arrow | Move to next row |
| K / Up Arrow | Move to previous row |
| Enter | Open selected record |
| Ctrl + N / Cmd + N | Create new record |
| / | Focus search/filter input |

Form Shortcuts

| Shortcut | Action |
| --- | --- |
| Ctrl + S / Cmd + S | Save current form |
| Ctrl + Enter | Save and close |
| Tab | Move to next field |
| Shift + Tab | Move to previous field |
| Esc | Cancel / discard changes |

Rostering Calendar Shortcuts

| Shortcut | Action |
| --- | --- |
| Left Arrow | Previous day/week/month (depending on view) |
| Right Arrow | Next day/week/month |
| T | Go to today |
| 1 | Switch to day view |
| 2 | Switch to week view |
| 3 | Switch to month view |
| + | Create new shift on selected date |

22.6 Appendix E: Status Code Reference

HTTP Status Codes Used by NDSS CRM

| Code | Status | Usage in NDSS CRM |
| --- | --- | --- |
| 200 | OK | Successful GET, PUT, PATCH, DELETE operations |
| 201 | Created | Successful POST operation creating a new resource |
| 202 | Accepted | Asynchronous operation accepted (e.g., bulk import queued) |
| 204 | No Content | Successful operation with no response body (e.g., logout) |
| 207 | Multi-Status | Partial success in batch operations (some records succeeded, others failed) |
| 301 | Moved Permanently | URL redirect for deprecated endpoints |
| 304 | Not Modified | Resource has not changed since last request (ETag/If-Modified-Since) |
| 400 | Bad Request | Malformed request syntax or missing required parameters |
| 401 | Unauthorized | Missing, expired, or invalid authentication token |
| 403 | Forbidden | Valid authentication but insufficient role permissions |
| 404 | Not Found | Requested resource does not exist or has been archived |
| 409 | Conflict | Duplicate record or scheduling conflict |
| 413 | Payload Too Large | Uploaded file exceeds the 10 MB limit |
| 415 | Unsupported Media Type | File type not in the permitted list |
| 422 | Unprocessable Entity | Request body failed validation (Zod schema errors) |
| 429 | Too Many Requests | Rate limit exceeded for this endpoint/user |
| 500 | Internal Server Error | Unexpected server-side error |
| 502 | Bad Gateway | Downstream service (Python or PHP) unreachable |
| 503 | Service Unavailable | Platform in maintenance mode |
| 504 | Gateway Timeout | Downstream service (report generation) timed out |

Application Status Codes (Entity Statuses)

| Entity | Status Values | Description |
| --- | --- | --- |
| Client | active, inactive, waitlist, discharged, archived | Lifecycle status of an NDIS participant record |
| Staff | active, inactive, on_leave, suspended, terminated | Employment status of a staff member |
| Shift | scheduled, in_progress, completed, approved, invoiced, cancelled, no_show | Lifecycle of a service delivery shift |
| Invoice | draft, pending, submitted, paid, rejected, void | Financial processing status of an invoice |
| Incident | reported, under_investigation, action_required, resolved, closed | Investigation workflow status |
| Intake | new_referral, in_review, assessment, approved, waitlisted, declined | New participant intake pipeline stage |
| User Account | pending_verification, active, disabled, locked | Authentication account status |

22.7 Appendix F: File Format Specifications

22.7.1 CSV Import Templates

NDSS CRM provides downloadable CSV templates for bulk data import (Admin > Data Import > Download Template). All CSV files must use the following format:

  • Encoding: UTF-8 (with or without BOM)
  • Delimiter: Comma (,)
  • Text Qualifier: Double quote (")
  • Line Ending: CRLF or LF (both accepted)
  • Header Row: Required. First row must contain exact column names as specified in the template.
  • Maximum File Size: 10 MB
  • Maximum Rows: 5,000 per import (split larger files into batches)

Client Import CSV Columns:

ndis_number,first_name,last_name,date_of_birth,gender,email,phone,street,suburb,state,postcode,primary_disability,secondary_disabilities,status,region,coordinator_email,plan_start_date,plan_end_date,management_type,total_budget

Staff Import CSV Columns:

email,first_name,last_name,phone,role,department,employment_type,start_date,qualifications,ndis_worker_screening_status,screening_expiry_date
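
A pre-upload check for the client template rules above, written in Python as an added example; it is not NDSS CRM's own import code. The function names, error strings and sample row are constructed for illustration, and treating the template's column order as mandatory is an assumption. The 9-digit NDIS number and the client status values come from the glossary and Appendix E.

```python
import csv
import io
import re

MAX_BYTES = 10 * 1024 * 1024   # Maximum File Size: 10 MB
MAX_ROWS = 5000                # Maximum Rows: 5,000 per import
CLIENT_COLUMNS = (
    "ndis_number,first_name,last_name,date_of_birth,gender,email,phone,street,"
    "suburb,state,postcode,primary_disability,secondary_disabilities,status,"
    "region,coordinator_email,plan_start_date,plan_end_date,management_type,"
    "total_budget"
).split(",")
# Client status values listed in the Appendix E entity status table.
CLIENT_STATUSES = {"active", "inactive", "waitlist", "discharged", "archived"}
# Glossary: an NDIS number is a 9-digit identifier (ASCII digits only here).
NDIS_NUMBER = re.compile(r"[0-9]{9}")

# Constructed sample record, one value per template column.
SAMPLE_ROW = [
    "123456789", "Jane", "Citizen", "1990-01-31", "F", "jane@example.org",
    "0400000000", "1 Example St", "Sampleton", "NSW", "2000", "Example", "",
    "active", "Metro", "coord@example.org", "2024-07-01", "2025-06-30",
    "plan_managed", "10000.00",
]


def validate_client_csv(raw: bytes) -> list[str]:
    """Return a list of problems; an empty list means the file meets the spec."""
    if len(raw) > MAX_BYTES:
        return [f"size: {len(raw)} bytes exceeds the 10 MB limit"]
    try:
        text = raw.decode("utf-8-sig")   # UTF-8, with or without BOM
    except UnicodeDecodeError as exc:
        return [f"encoding: invalid UTF-8 at byte {exc.start}"]

    errors = []
    # newline="" leaves CRLF/LF handling (also inside quoted fields) to csv;
    # strict=True turns malformed quoting into csv.Error instead of guessing.
    reader = csv.reader(io.StringIO(text, newline=""),
                        delimiter=",", quotechar='"', strict=True)
    try:
        header = next(reader, None)
        if header != CLIENT_COLUMNS:
            return ["header: first row does not match the client template columns"]
        data_rows = 0
        for record in reader:
            if not record:               # blank line between records
                continue
            data_rows += 1
            if data_rows > MAX_ROWS:
                errors.append(f"rows: more than {MAX_ROWS} data rows; split into batches")
                break
            line = reader.line_num       # physical line on which the record ends
            if len(record) != len(CLIENT_COLUMNS):
                errors.append(f"line {line}: expected {len(CLIENT_COLUMNS)} "
                              f"fields, found {len(record)}")
                continue
            row = dict(zip(CLIENT_COLUMNS, record))
            if not NDIS_NUMBER.fullmatch(row["ndis_number"]):
                errors.append(f"line {line}: ndis_number must be exactly 9 digits")
            if row["status"] not in CLIENT_STATUSES:
                errors.append(f"line {line}: unknown status {row['status']!r}")
    except csv.Error as exc:
        errors.append(f"line {reader.line_num}: malformed CSV ({exc})")
    return errors


def build_sample(rows, bom=False, eol="\r\n") -> bytes:
    """Serialise constructed rows under the template header for testing."""
    buf = io.StringIO(newline="")
    writer = csv.writer(buf, lineterminator=eol)
    writer.writerow(CLIENT_COLUMNS)
    writer.writerows(rows)
    data = buf.getvalue().encode("utf-8")
    return b"\xef\xbb\xbf" + data if bom else data


if __name__ == "__main__":
    bad = ["12345678"] + SAMPLE_ROW[1:]
    print(validate_client_csv(build_sample([SAMPLE_ROW, bad], bom=True)))
```

Running the same checks on the client before upload and again in the import service keeps the two sides agreeing on what a valid file is; the server-side check is the one that counts.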

22.7.2 Export Formats

| Format | Extension | Use Case | Max Records |
| --- | --- | --- | --- |
| CSV | .csv | Data analysis in spreadsheet applications, further processing | 50,000 |
| Excel | .xlsx | Formatted reports with multiple sheets, charts, and styling | 50,000 |
| PDF | .pdf | Formal reports, compliance documents, print-ready output | 10,000 |
| JSON | .json | System integration, programmatic data access | 50,000 |

22.7.3 Document Upload Specifications

| Specification | Value |
| --- | --- |
| Maximum file size | 10 MB per file |
| Allowed file types | PDF, DOCX, DOC, XLSX, XLS, CSV, PNG, JPG, JPEG, GIF, HEIC |
| Maximum files per upload | 10 files simultaneously |
| Total storage per organisation | 50 GB (upgradeable) |
| File naming | Original filename preserved. Stored internally with UUID reference. |
| Virus scanning | All uploaded files are scanned before storage |

22.8 Appendix G: Third-Party Licenses

NDSS CRM incorporates open-source software components. The following table lists the major dependencies and their respective licenses.

Frontend / API (Node.js / TypeScript)

| Package | Version | License | Purpose |
| --- | --- | --- | --- |
| Next.js | 14.x | MIT | React framework for server-side rendering and API routes |
| React | 18.x | MIT | UI component library |
| TypeScript | 5.x | Apache 2.0 | Type-safe JavaScript superset |
| TailwindCSS | 3.x | MIT | Utility-first CSS framework |
| @supabase/supabase-js | 2.x | MIT | Supabase / Oracle client library |
| Zod | 3.x | MIT | Schema validation |
| DOMPurify | 3.x | Apache 2.0 | HTML sanitisation for XSS prevention |
| date-fns | 3.x | MIT | Date manipulation utilities |
| Recharts | 2.x | MIT | Charting and data visualisation |
| React Hook Form | 7.x | MIT | Form state management |
| Lucide React | 0.x | ISC | Icon library |

Python Service

| Package | Version | License | Purpose |
| --- | --- | --- | --- |
| Flask | 3.x | BSD-3-Clause | Web framework for Python services |
| psycopg2 | 2.x | LGPL | PostgreSQL database adapter |
| pandas | 2.x | BSD-3-Clause | Data analysis and manipulation |
| ReportLab | 4.x | BSD | PDF report generation |
| openpyxl | 3.x | MIT | Excel file generation |
| APScheduler | 3.x | MIT | Scheduled job execution |

PHP Integration Service

| Package | Version | License | Purpose |
| --- | --- | --- | --- |
| Laravel | 11.x | MIT | Web framework for PHP services |
| Guzzle | 7.x | MIT | HTTP client for external API calls |
| Laravel Excel | 3.x | MIT | Excel/CSV import and export |
| Laravel Horizon | 5.x | MIT | Queue monitoring and management |
| PHPUnit | 11.x | BSD-3-Clause | Unit and integration testing |

Full License Information

Complete license texts for all third-party dependencies are available in the LICENSES directory of the NDSS CRM source code repository. You may also run npm run licenses, pip-licenses, or composer licenses to generate up-to-date license reports for each technology stack.

22.9 Appendix H: Change Log

The following change log documents all major releases of NDSS CRM from inception through the current version (V3.8).

| Version | Date | Type | Changes |
| --- | --- | --- | --- |
| V1.0 | January 2024 | Major | Initial release. Core modules: Dashboard, Client Management, Staff Management, Authentication. Basic RBAC with 8 roles. PostgreSQL database on Supabase / Oracle. Next.js frontend with React and TypeScript. |
| V1.1 | February 2024 | Minor | Added Rostering module with weekly calendar view. Shift creation and assignment. Basic conflict detection. Staff availability management. |
| V1.2 | March 2024 | Minor | Added Finance module. Invoice creation, NDIS line item mapping, draft/submit/approve workflow. Budget tracking per client NDIS plan. |
| V1.3 | April 2024 | Minor | Compliance and Incident Management module. Incident reporting form, severity classification, investigation workflow, audit logging foundation. |
| V2.0 | May 2024 | Major | Role expansion from 8 to 16 roles. Added Intake and Referrals module. Messaging module with direct messages and group channels. Python service layer introduced for report generation. |
| V2.1 | June 2024 | Minor | Clinical Services module. Behaviour Support Plans, OT assessments, nursing care plans. Goal tracking with progress measurements. |
| V2.2 | July 2024 | Minor | Learning and Development module. Course catalogue, mandatory training tracking, certification expiry alerts. Staff professional development plans. |
| V2.3 | August 2024 | Minor | Client Portal launched. Self-service access for participants and families. Budget visibility, schedule viewing, progress note access, document downloads. |
| V2.4 | September 2024 | Minor | PHP integration layer introduced. MYOB and Xero connectors. Bulk CSV/XLSX import for clients and staff. Legacy system data migration tools. |
| V2.5 | October 2024 | Minor | SIL module foundation. Group home management, shared support rosters, SIL-specific billing calculations, property management. |
| V3.0 | November 2024 | Major | Full role expansion to 24 roles. Row Level Security (RLS) policies on all tables. Supabase / Oracle Real-Time subscriptions for live dashboard updates. Mobile-responsive redesign. Clock-in/clock-out with GPS. Webhook system. |
| V3.1 | December 2024 | Minor | RESTful API documentation and external access. API key management. Rate limiting. Webhook event types expanded. PRODA integration connector. |
| V3.2 | January 2025 | Minor | Reports module overhaul. Custom report builder. Pre-built report templates (financial, compliance, staff utilisation, client outcomes). Scheduled report delivery. PDF/CSV/XLSX export. |
| V3.3 | February 2025 | Minor | Advanced rostering features. Drag-and-drop shift assignment. Recurring shift templates. Overtime detection and alerts. Multi-location roster view. |
| V3.4 | March 2025 | Minor | Security hardening. Column-level encryption for PII fields. Content Security Policy headers. Brute-force protection enhancements. Penetration test remediation. |
| V3.5 | April 2025 | Minor | Deputy and Employment Hero connectors added to PHP integration layer. Bulk data export improvements. Import dry-run mode. Duplicate detection tool. |
| V3.6 | May 2025 | Minor | Keyboard shortcuts. Global search (Ctrl+K). Dashboard widget customisation. Notification preferences per user. Dark mode (beta). |
| V3.7 | June 2025 | Minor | SIL module enhancements. Specialist forensic and youth service sub-modules. SIL daily log. Property maintenance tracking. Medication management improvements. |
| V3.8 | August 2025 | Minor | Current release. Python analytics service expanded with budget burn-rate projections and staff utilisation dashboards. PHP connector for CareLink. Performance optimisations across all list views. Accessibility improvements (WCAG 2.1 AA). Updated NDIS price guide import for FY 2025-26. |

22.10 Index

Alphabetical index of key topics covered in this manual. Chapter and section references are provided for each entry.

| Topic | Reference(s) |
| --- | --- |
| Access Control (see RBAC) | 4.3, 20.3, 22.3 |
| Accounting Integration (MYOB, Xero) | 19.10 |
| Admin Settings | 17.1-17.8 |
| API Authentication | 19.1, 19.2 |
| API Endpoints | 19.2-19.10 |
| API Rate Limiting | 19.13 |
| Audit Logging | 10.6, 20.7 |
| Australian Privacy Principles | 20.5 |
| Authentication | 4.1-4.4, 19.2, 20.2 |
| Availability (Staff) | 7.4 |
| Backup and Recovery | 20.9 |
| Behaviour Support Plans | 12.2 |
| Browser Compatibility | 2.3, 21.5 |
| Budget Tracking | 6.5, 9.3 |
| Bulk Import | 19.10, 22.7 |
| CareLink Integration | 19.10 |
| Certifications (Staff) | 7.5, 13.3 |
| Client Management | 6.1-6.8 |
| Client Portal | 14.1-14.6 |
| Clinical Services | 12.1-12.6 |
| Clock-In / Clock-Out | 8.5, 19.5 |
| Compliance | 10.1-10.8, 20.10 |
| CSRF Protection | 20.2 |
| CSV Import/Export | 19.10, 22.7 |
| Dashboard | 5.1-5.5 |
| Data Encryption | 20.4 |
| Data Protection | 20.1-20.12 |
| Data Retention | 20.5 |
| Database Schema | 3.4, 22.4 |
| Deputy Integration | 19.10 |
| Disaster Recovery | 20.9 |
| Duplicate Detection | 21.7 |
| Employment Hero Integration | 19.10 |
| Error Codes | 19.12, 21.10 |
| FAQ | 21.9 |
| File Uploads | 22.7 |
| Finance and Invoicing | 9.1-9.7, 19.6 |
| Goals (Client) | 6.6, 12.5 |
| GPS Tracking | 8.5 |
| Group Home Management | 18.2 |
| Incident Management | 10.3-10.5, 19.7 |
| Incident Response (Security) | 20.12 |
| Input Validation | 20.6 |
| Intake and Referrals | 11.1-11.5 |
| Invoice API | 19.6 |
| ISO 27001 | 20.10 |
| Keyboard Shortcuts | 22.5 |
| Laravel (PHP) | 3.3, 19.10 |
| Learning and Development | 13.1-13.5 |
| Messaging | 15.1-15.4 |
| Mobile Responsiveness | 21.6 |
| MYOB Integration | 19.10 |
| NDIS Commission | 10.4, 20.10 |
| NDIS Number | 6.2 |
| NDIS Plan Management | 6.5, 9.2 |
| NDIS Practice Standards | 10.1, 20.10 |
| NDIS Price Guide | 9.2, 22.2 |
| NDIS Support Categories | 22.2 |
| Next.js | 3.2 |
| Notifications | 5.4, 15.3 |
| Occupational Therapy | 12.3 |
| Password Policy | 4.2, 20.2 |
| Penetration Testing | 20.11 |
| Performance Troubleshooting | 21.4 |
| PHP Integration | 3.3, 19.10 |
| PostgreSQL | 3.4 |
| Privacy Act 1988 | 20.5, 20.10 |
| PRODA Integration | 19.10 |
| Progress Notes | 6.7, 8.6 |
| Python Services | 3.3, 19.9 |
| RBAC (Role-Based Access Control) | 4.3, 20.3, 22.3 |
| Real-Time Subscriptions | 19.8 |
| Referrals | 11.2 |
| Report Generation | 16.1-16.5, 19.9 |
| Restrictive Practices | 12.2, 10.5 |
| Role Permission Matrix | 22.3 |
| Rostering | 8.1-8.7, 19.5 |
| Row Level Security (RLS) | 20.3 |
| Security Overview | 20.1 |
| Service Agreements | 6.4 |
| Session Management | 20.2 |
| SIL (Supported Independent Living) | 18.1-18.6 |
| Staff Management | 7.1-7.7, 19.4 |
| Supabase / Oracle | 3.4, 19.8 |
| Support Coordination | 14.3 |
| Support Worker | 1.3, 7.2 |
| System Requirements | 2.1-2.4 |
| Technology Stack | 3.1-3.5 |
| Timesheets | 8.6 |
| TLS Encryption | 20.4 |
| Troubleshooting | 21.1-21.8 |
| User Roles | 1.3, 4.3, 22.3 |
| Vulnerability Management | 20.11 |
| Webhooks | 19.11 |
| Worker Screening | 7.5, 10.7 |
| Xero Integration | 19.10 |
| XSS Prevention | 20.6 |
| Zod Validation | 20.6 |