Despite the risks of testing disaster recovery, CIOs should plan site, technology and software strategies based on the assumption that failover/failback strategies will need to be implemented by organizations for business critical systems (at the very least) within a three year period. Traditional disaster recovery testing is often a 'go through the motions / tick in the box,' to placate regulatory authorities. CEOs and risk managers should not accept this as sufficient proof that adequate disaster recovery processes are in place.