Digital Blueprint for NHS WalesReferencesSystemsCANISC — Cancer Network Information System Cymru
Reference

CANISC — Cancer Network Information System Cymru

CANISC — the cancer system NHS Wales tolerated for 30 years on unsupported software — held DHCW's highest risk score until decommissioning in July 2025.

What was CANISC? The Cancer Network Information System Cymru carried Welsh cancer care for three decades on legacy technology — unsupported by Microsoft since 2014, built on software deprecated around 2010 — holding the highest score on DHCW's corporate risk register, unchanged, from the organisation's founding until the system was finally decommissioned in July 2025. The executive medical director's own question stands as this page's frame: "for 30 years I've been using CANISC… how is it that the system tolerated the legacy software for so long?"

What CANISC was

The Cancer Network Information System Cymru: the national system holding cancer pathways, treatment records and multidisciplinary-team workflows for Welsh cancer services. Clinicians used it for around three decades — long past the life of the technology underneath it.

The record

Microsoft stopped supporting the underlying platform in 2014. The Senedd’s Public Accounts Committee heard in 2018 that CANISC carried a red risk rating and live cyber-security exposure, and asked for it to be “replaced urgently and as soon as is practicably possible.” It held the highest score on DHCW’s corporate risk register, unchanged, from the organisation’s founding. The replacement’s go-live slipped through five scheduled dates. The system was finally decommissioned in July 2025 — four years after DHCW was stood up to replace the body that built it, and seven years after the Senedd asked for urgency.

The executive medical director’s question in open session is the whole page in one sentence: “for 30 years I’ve been using CANISC… how is it that the system tolerated the legacy software for so long?”

The structural reading

The answer to that question is the drift to low performance trap: each year’s tolerated risk becomes next year’s baseline, until a thirty-year-old cancer system reads as normal. The board’s most technical independent member named the wider pattern — “plenty of time to realise a system is coming to end of life… and yet we are finding ourselves… with uncertainty of funding.”

The rule that prevents the next CANISC

The target architecture makes end-of-life a published fact rather than a private tolerance: every national system carries a published end-of-life date with funding triggers attached, so replacement is forced onto the portfolio a decade before the risk register learns to live with it.

Sources for this page
  • Senedd Public Accounts Committee, Informatics Systems in NHS Wales (2018) — red risk rating; Microsoft support ended 2014; "replaced urgently and as soon as is practicably possible"
  • DHCW corporate risk register and board minutes — highest risk score, unchanged, from founding to decommissioning; five slipped go-live dates
  • The documentary evidence base