Custom LMS for CPD compliance in regulated industries

A custom LMS for CPD compliance carries different data to a staff onboarding LMS. Every learning event needs the regulator’s category, the hours claimed, the evidence type, the practitioner’s registration number, and an audit trail that survives the regulator’s review. Moodle, Canvas and TalentLMS bury this in custom fields. Allied health providers running a few hundred practitioners feel the limits inside the first year. We have built around the problem several times.

The compliance overlay that off-the-shelf LMS tools miss

Moodle, Canvas and TalentLMS were designed for one shape of work: a learner enrols, takes a course, finishes the course, gets a completion record. That model fits staff training, paid online courses, and most institutional learning. Regulated CPD breaks it.

A practitioner does not enrol in your platform. They are registered with a body. AHPRA registers physiotherapists, psychologists, OTs and the rest. FAAA registers financial advisers under the combined association. CPA Australia registers accountants. ASIC sits behind several licensee-led training regimes. Each body sets its own definition of what counts as CPD, how categories split, how hours are claimed, what counts as evidence, and what an audit looks like.

The off-the-shelf platform does not know any of that. It models a course. The regulator models a practitioner accumulating evidence against categories that move every two years. When a CPD provider runs an off-the-shelf LMS for a regulated cohort, the gap gets filled with three patches: custom fields on the learner profile, an exported spreadsheet the admin team reconciles each quarter, and a partner who keeps the regulator-shaped report in their head. None of those scale.

A course is a one-shot record. A CPD record is longitudinal. Year-on-year totals matter. Carry-over rules matter. The category mix across a triennium matters. The platform has no native concept of a triennium, so the admin team builds one in Excel.

The five fields a CPD record has to carry

After a few of these builds, the same five fields show up every time. None of them fit cleanly into a Moodle or Canvas custom field without a workaround that breaks on the next platform upgrade.

The category. AHPRA’s CPD categories for nursing differ from psychology, which differ from physiotherapy. FAAA splits CPD into seven categories with annual minimums per category. CPA Australia uses a different category model again. The category lives on the claim rather than the course, because the same course can count under different categories for different practitioners. A psychologist and a physiotherapist sitting through the same trauma-informed care session are claiming under different rules. A platform that pins the category to the course needs two duplicate course entries to cover that case.

The hours claimed. Not the duration of the course. The hours the practitioner is claiming, which can be lower than the course length, can be split between categories, and sometimes carries a regulator-specific multiplier (AHPRA’s Category 1 often counts hour-for-hour while supervision or self-directed activity counts at a different rate). The platform has to model the difference between the activity hours and the claimable hours.

The evidence type. The regulator does not just ask whether a CPD activity occurred. The body asks for a specific evidence trail: certificate of completion, attendance record, supervision log, reflective practice statement, peer review note. Each evidence type has its own retention requirement. A certificate stored as a PDF in the LMS is not enough on its own when AHPRA expects a signed supervision log alongside it.

The practitioner’s registration number. AHPRA registration numbers, FAAA member numbers, CPA Australia identifiers. The audit asks for evidence by registration number, not by your internal learner ID. If the LMS does not carry the registration number as a first-class field that the reporting layer can pivot on, every audit response starts with an Excel join.

The audit trail. Every change to a CPD record needs a timestamped audit entry. Not a row update. An immutable history. AHPRA and the FAAA both ask for this if the body has reason to question a renewal. A learner cannot retroactively change a hours claim, the admin team cannot quietly correct a category, and the system has to be able to show what was claimed, when, and what changed since.

Off-the-shelf LMS platforms can be made to carry these fields. The cost shows up later, in the reports the regulator actually asks for and the migration debt that builds up across two or three platform upgrades.

What the regulator’s audit actually asks for

The audit is where the LMS choice gets tested. We have helped providers respond to regulator audits and licensee internal audits. The shape is consistent.

The audit asks for a record of CPD activity for a named practitioner across a defined period, usually a triennium. The record needs to show every claimed activity, the hours claimed, the category claimed, the evidence supporting the claim, and the practitioner’s confirmation that they completed the activity. The provider then has to produce the underlying evidence on request.

What the auditor wants in practice is a single PDF or CSV per practitioner that lists every claim in date order with the supporting evidence linked or attached. The auditor is not interested in your platform’s UI. They want evidence they can read on a Tuesday morning without logging in.

A custom CPD LMS is built around producing that PDF on demand. Off-the-shelf platforms produce a course completion report and leave the rest to the admin team. We have watched providers spend two weeks rebuilding a triennium of evidence for one audited practitioner. That was the moment that justified the rebuild for them.

The trap with off-the-shelf shows up when the audit response depends on data the platform was never asked to track. Did the practitioner reflect on the learning afterwards? Was a supervision log signed? Did the peer review happen? Most off-the-shelf platforms can be made to capture these, but the capture is bolted on, the data lives in custom fields, and the report is built by exporting and joining in Excel. When the auditor follows up with a clarifying question, the admin team starts the Excel join again.

Reporting back to the regulator without manual export

Each regulator has its own reporting pattern. AHPRA does not require a CPD report at renewal time; the body relies on practitioner self-declaration with audit on request. FAAA requires CPD plans and records aligned to the seven categories with annual minimums. ASIC-licensed training has the licensee in the middle, and the licensee usually wants an aggregate report monthly or quarterly. CPA Australia asks for evidence on request.

The pattern that breaks off-the-shelf is the licensee-side report. A licensee with 600 advisers wants to see, every month, who is on track against their CPD plan, who is behind, what the category split looks like across the body, and where the providers’ material is actually being consumed. That report is not a course completion summary. It is a per-practitioner cross-tab against the FAAA categories.

If the LMS data model treats the category as metadata on the claim rather than the course, that report is a database query. If the data model is course-shaped, that report is an Excel export, a category-mapping spreadsheet maintained by hand, and a pivot table that breaks every time someone renames a course.

Building the report into the database means the licensee gets it on demand. The compliance team can re-run the same query at the start and end of a meeting and see whether anything moved. That capability does not come from a feature on a platform. It comes from a data model that knew about practitioners, categories and trienniums from day one.

When to extend an existing LMS, and when to replace it

Not every regulated CPD provider needs a custom LMS. In most engagements, the platform you already have can carry another twelve months of growth if you absorb the workaround cost. The decision to rebuild has a few clear signals.

The first signal is the workaround spreadsheet becoming load-bearing. If your admin team would lose three days of work tomorrow because someone ran the wrong macro on the CPD master file, the spreadsheet has crossed the line. It stopped being a tool. It is the system.

The second signal is audit response time crossing two weeks. We have seen providers comfortable with a four-day audit response, and we have seen providers who quietly hire contract admin staff for the audit window. Once the audit response starts pulling clinicians, instructors or compliance partners off other work for more than a week, the platform has stopped doing the job the platform was bought for.

The third signal is the regulator change. AHPRA revises CPD standards. FAAA replaced the FPA framework. The licensee changes its category mapping. Each change forces an off-the-shelf admin to remap custom fields, retest the export, and explain to the team why the report looks different this quarter. A custom LMS updates the data model once and the reports follow. The off-the-shelf path repeats the remap every cycle.

The fourth signal is the cost crossover. We cover the maths in detail in the companion comparison piece on whether to extend Moodle and Canvas or rebuild. The short version: off-the-shelf is cheaper for the first eighteen months in most cases. Past month 24, the custom build is usually cheaper at total cost of ownership for any provider running more than a few hundred practitioners.

For most providers reading this, the platform you have can run for another year. The real question is whether you spend that year designing the replacement or watching the spreadsheet grow.

If you already run Moodle or Canvas and are deciding whether to keep extending the platform, the more useful read is the companion comparison post on the same cluster. If you are starting from no LMS and the regulated CPD problem is what brought you here, this is the page. Either way, the next conversation is a 30-minute discovery call where we look at your data model, your regulator, your practitioner count, and your audit history, and give you a straight answer on which side of the line your provider sits.

See how we approach custom LMS development for the broader picture, or the allied health practice page when AHPRA CPD evidence is the load-bearing problem inside the practice itself. The learning management system case study covers the closest named work we have shipped: a regulated education provider whose CPD evidence, fragmented student data and manual marking sat across three systems before we rebuilt the data layer underneath.