my preferred setup is (in a nutshell):

1. raspberry pi that has never been online with latest raspbian OS
2. load up a USB with GPG key, copy of https://github.com/iancoleman/bip39/releases/tag/0.5.6, and Electrum
3. generate seeds using bip39-standalone with passphrase/extension
4. save seeds/extensions to text and GPG encrypt and save GPG encrypted outputs to USB (note, I encrypt these with myself and some other trusted GPG recipients who will be able to decrypt all seeds upon my death)
5. load seeds into electrum and create multisig (checking bip-39 and extend) -- the reason for using bip39-standalone instead of using electrum to generate the seeds is that I don't want to be beholden to electrum's proprietary seed versioning system but they are a convenient way to load up and recreate the multisig wallet (though not a total software dependency)
6. copy down Master Pub for each seed and root fingerprints and save in a plaintext to create a watch-only (onto USB)
7. copy down first 5 generated addresses to plaintext file to extract via USB
8. bring up a watch-only on another device and ensure the addresses match
9. for extra sanity, repeat creating the multisig on the raspberry pi to ensure no weird cosmic rays affected the bits and ensure it all still matches
10. distribute each GPG encrypted seed to trusted parties/places

I save copies of the Electrum, bip39-standalone.html, and Raspbian OS image in cloud storage so family can access the exact tooling I used if I die and they need to recover along with instructions on how it was done. Cosigners know to assemble upon my death and not to give me the seeds back out of normal cycles or when asked to be rushed--and if rushed, it's a sign to alert authorities that I'm being held hostage.

There are a few other secret details, but this is good enough for most folks :)