CVSDude hosts my Subversion tree. They do off-site backups every 10'. They probably use svnsync, and they're distributed over three continents, so that counts as off-site.
Me, I wanted to learn how to set up and use svnsync, too, so I synchronize with CVSDude every 15'.
I also pull a snapshot of all our modules, as a tarball, once a week, and put it on a DVD. When I pull the tarball of the module, I verify it against the MD5 sum that CVSDude has made. (I talked CVSDude into publishing an MD5 sum of each of their dumps.) Before I put it on disk I verify that I can use that dump, by turning the tarball back into a repository and checking out a tree. Finally, I check the MD5 sums on the DVD that I write.
I have found problems (though only occasionally) with each step, and been able to detect and fix them.
I don't do all this because I have great forethought -- I've just watched things go wrong, and I know what works. Wisdom from experience.
For releases, I also archive a copy of the built tree on a corporate server, and save the packaged release on a different server. These releases are tagged in the SVN tree, so I could reproduce them from source, but it's nice to have the two intermediate steps -- built but not packaged, and packaged for release -- to debug process errors when they occur, and to let me, or my developers, look at releases quickly, when there's an emergency.
I've found problems and debugged problems there, too.
When I first came to Aztek, we weren't even backing up our source tree.
Yesterday, when our IT folks discovered that the packaged releases weren't being backed up, and they may have lost them, I thought, "Heck. Well, though, it's not like I don't have a safety net."