We have a company that comes in every halfyear to check our endoscopes. They call it an audit. That should be enough, right?

Just because you outsource the job, doesn't mean that you've outsourced the risk and responsibility, even if your supplier says that you can. Have you validated how they check? Is it in line with the IFUs? Are they OEM approved? Do you do regular audits on them?