A few things to consider:
Establish the backup / retrieval policy. How long do you need to keep backups, how frequently do backups need to occur, etc. Most backup systems do a "delta" backup meaning daily backups are only for things that change. That may mean, to recover a file unchanged for several weeks, you have to do a little digging. Worse, if trying to recover a file that hasn't changed in a year, it's not uncommon to purge backup media over a year old. So you need to consider how frequently full backups occur.
Also consider how backups are done. You can have backup media (e.g., DVDs, portable hard drives, etc.) or you can backup to the 'cloud' now. Obviously, there are privacy concerns with the latter that you may need to consider.
Validate the backup procedure to ensure a) everything is getting backed up properly; and b) it can be retrieved. Sometimes, databases, files in repositories, etc. don't gt backed up for various reasons. Also look at the scope of the backup - are all disks being backed up?
Backups should be stored away from the server in case something catastrophic occurs at the server site, your backup data is presumably safe.
If you're backing up to the cloud, you'll need to determine the level of protection required (physical and logical).
Use your supplier qualification for either selecting an offsite storage site (consider physical security, environmental conditions, etc.) or a cloud service (security, policies, etc.). Note that one advantage with going to the cloud is that you can mirror your data in geographically diverse sites so if there's a major catastrophic event, it's still likely your data can be retrieved from the mirror site.
Those are the things that jump to mind. Maybe others will contribute additional considerations.