FAQs
- What is a SAS 70?
- What is a "service organization"?
- What are the benefits of a SAS 70 audit?
- Who will use a SAS 70 audit report?
- Are there different types of SAS 70 reports?
- Are there restrictions on distributing this report?
- Are SAS 70 audits new?
- How long is a SAS 70 report valid?
- Will an organization suffer from business disruption during the audit process?
What is a SAS 70?
A SAS 70 is an audit which reports on the "processing of transactions by Service Organizations." SAS 70 stands for ‘Statement of Auditing Standard # 70’ and is from the American Institute of Certified Public Accountants (AICPA).
What is a "service organization"?
This is a company (i.e., vendor) that provides services to another corporation. The following are common "service organizations":
- Payroll and billing services
- Claims handling
- Credit processors
- Clearing houses
- Investment advisors
- Market research firms
- ASPs (Application Service Providers)
- Data centers/co-locations
All of these companies have one thing in common: they are all providing some type of outsourcing service, and are often handling sensitive or private data and potentially conducting transactions with this data.
What are the benefits of a SAS 70 audit?
Completion of a SAS 70 audit gives you the advantage in your marketplace, as it illustrates to your clients that internal controls within your organization are in place and working as designed. This gives the client confidence that their data and information is safe in your environment, thus giving you a decided advantage over competitors who have not completed a SAS 70 audit.
Who will use a SAS 70 audit report?
Historically, a SAS 70 report was used to communicate findings on internal control to your clients’ auditor; however, this is changing dramatically. Service organizations are now becoming quite creative in using these reports to market themselves and differentiate their respective product offerings to their clients.
Are there different types of SAS 70 reports?
Yes. There is a Type I and a Type II report.
A Type I report is issued for a particular date, and states that the control objectives are in operation as of that date, and that the supporting controls are suitably designed to achieve the objectives. For example, a CPA firm would examine a company's controls on July 1, 2005 and state that the supporting controls are suitably designed to achieve the objectives.
A Type II report is issued for a period of time, and states that the control objectives are in operation as of that date, and that the supporting controls are suitably designed to achieve the objectives. It also states whether the controls that were tested were operating with sufficient effectiveness to provide reasonable assurance that control objectives were achieved during the specified period.
Are there restrictions on distributing this report?
No. A service organization can distribute the report to any other third party, but it may only be used for informational purposes, with no reliance on the report.
Are SAS 70 audits new?
No. SAS 70 audits have been conducted since 1992. The demand for these audits has been spurred on by the Sarbanes-Oxley Act of 2002, and the overall increasing complexity of I.T. transactions.
How long is a SAS 70 report valid?
SAS 70 Type I and Type II reports do not technically expire. However, your client’s auditor may or may not choose to rely on the report, based on the amount of time that has passed since it was issued.
Will an organization suffer from business disruption during the audit process?
Many organizations express concern over the time and resources needed to conduct a SAS 70 audit, particularly when the scope includes observing and ultimately testing a large number of controls throughout many areas of a company. Reznick Group is sensitive to these concerns, and strives to conduct all SAS 70 engagements with the utmost efficiency and effectiveness. We schedule the phases of the audit to accommodate your employees and your time.
