2020/06/12 05:49:26
Jacob the dane
A colleague mentioned the option to reach ASIL C through decomposition into ASIL B and ASIL A sub-systems. While ASIL B requirements are fairly clear to me, I am not sure what can be "left out" when going down to ASIL A... Wouldn't it still be required to run the same diagnostics on the MCU in the ASIL A sub-system?
If the difference between ASIL A and ASIL B implementations is very small, it might be beneficial to make two ASIL B sub-systems from the beginning (since this would potentially allow the application to comply with ASIL D requirement...).
2020/06/15 11:17:08
I agree, if both sub-systems are capable of running the same diagnostics, it makes sense to make both of them ASIL-B implementations.  
2020/06/18 05:20:04
Just make sure that the implementation on both sub-systems is different in structure and execution, or uses different architectures, to avoid diagnosing a similar failure on both implementations as a non-failure because of the similar implementation, e.g. when execution is identical.
