In the end it's always a balance of security and redundancy, isn't it? You can't really have both.
Absolutely. If this is your chosen setup, then the only thing I can see to add would be to airgap your computer, if it isn't already. Encryption at rest is obviously a good thing, but if you are decrypting on an internet-connected device, then there is still a potential risk there to your descriptor/pub keys. I have a handful of different multi-sig wallets which I use for storing larger amounts of bitcoin, but the computer involved is always airgapped. Once the transaction is fully signed by a combination of computers, hardware wallets, whatever, then you can load it onto an internet-connected computer to be broadcast.
My backups for a 2-of-3 multi-sig take the following form:
Backup 1: Seed A, xpub B
Backup 2: Seed B, xpub C
Backup 3: Seed C, xpub A
That way any two backups are sufficient to fully restore the wallet, while the compromise of one backup provides the attacker with nothing useful. Using this system, I don't also have to back up my public keys elsewhere, as you have done in your password manager.
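The 2-of-3 backup layout in the post above, checked by enumeration next to two other layouts for comparison (an added example, not part of the thread; it goes beyond the post by including the seeds-only and all-xpubs layouts). The layout names and the `assess`/`audit` helpers are hypothetical, and seeds and xpubs are modelled as labels rather than real key material.

```python
from itertools import combinations

KEYS = ("A", "B", "C")
THRESHOLD = 2  # 2-of-3 multi-sig

# Each backup is (seeds held, xpubs held). Constructed layouts, labels only.
LAYOUTS = {
    # The rotation from the post: seed i plus the next cosigner's xpub.
    "rotated": [({"A"}, {"B"}), ({"B"}, {"C"}), ({"C"}, {"A"})],
    # Seeds only, xpubs not stored anywhere.
    "seeds_only": [({"A"}, set()), ({"B"}, set()), ({"C"}, set())],
    # Every backup carries the full xpub set.
    "all_xpubs": [({k}, set(KEYS)) for k in KEYS],
}

def assess(backups):
    """Return what the holder of this set of backups can do."""
    seeds = set().union(*(s for s, _ in backups))
    # A seed yields its own xpub by derivation, so it counts as known.
    xpubs = seeds.union(*(x for _, x in backups))
    # The multi-sig script contains all three public keys, so all three
    # xpubs are needed to rebuild addresses. Assumption: script type and
    # derivation paths are standard or recorded elsewhere.
    can_watch = xpubs == set(KEYS)
    can_spend = can_watch and len(seeds) >= THRESHOLD
    return {"can_watch": can_watch, "can_spend": can_spend}

def audit(layout):
    """Check every single backup and every pair of backups in a layout."""
    backups = LAYOUTS[layout]
    singles = [assess([b]) for b in backups]
    pairs = [assess(list(p)) for p in combinations(backups, 2)]
    return {
        "any_two_restore": all(r["can_spend"] for r in pairs),
        "one_leaks_wallet": any(r["can_watch"] for r in singles),
        "one_can_spend": any(r["can_spend"] for r in singles),
    }

if __name__ == "__main__":
    for name in LAYOUTS:
        print(name, audit(name))
```

With seeds only, two backups hold enough signing keys but cannot rebuild the wallet because the third xpub is missing; with every xpub on every backup, one stolen backup exposes the whole wallet's addresses and balances.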
Looks like a very solid backup plan. One thing I am not sure about with the xpub backups is that since they're xpubs... they can't really be backed up offline or by handwriting....
You will have to either print it out or keep the file in a digital form.
Meaning, if a person uses a multisig setup, he will likely back up the xpubs or the whole setup of his multisig in a digital form.